On 12/20/14 12:11 PM, Steve Singer wrote:
On 12/19/2014 10:41 AM, Alex Shulgin wrote:
I don't think so. The scenario this patch relies on assumes that the
DBA will remember to look in the log if something goes wrong, and in
your case there would be a message like the following:
WARNING:
On 2014-12-15 19:38:16 +0300, Alex Shulgin wrote:
Attached is the modified version of the original patch by Craig,
addressing the handling of the new hint_log error data field and
removing the client-side HINT.
I'm not a big fan of this implementation. We're adding a fair bit of
infrastructure
On 2015-01-16 18:01:24 +0100, Andres Freund wrote:
Why don't we just add emit a NOTICE or WARNING in the relevant place
saying that pg_hba.conf is outdated? Then the server won't log those if
configured appropriately, which doesn't seem like a bad thing. Note that
= ERROR messages aren't sent
Andres Freund and...@2ndquadrant.com writes:
Why don't we just add emit a NOTICE or WARNING in the relevant place
saying that pg_hba.conf is outdated? Then the server won't log those if
configured appropriately, which doesn't seem like a bad thing. Note that
= ERROR messages aren't sent to the
On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
Andres Freund and...@2ndquadrant.com writes:
Why don't we just add emit a NOTICE or WARNING in the relevant place
saying that pg_hba.conf is outdated? Then the server won't log those if
configured appropriately, which doesn't seem like a bad
Andres Freund and...@2ndquadrant.com writes:
On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
I think people felt that sending that information to the client wouldn't
be a good idea security-wise.
It won't if issued during the right phase of the authentication:
Good point.
But as I don't
On 12/19/2014 10:41 AM, Alex Shulgin wrote:
I don't think so. The scenario this patch relies on assumes that the
DBA will remember to look in the log if something goes wrong, and in
your case there would be a message like the following:
WARNING: pg_hba.conf not reloaded
So an extra hint
On 12/15/2014 11:38 AM, Alex Shulgin wrote:
These are all valid concerns IMHO. Attached is the modified version of
the original patch by Craig, addressing the handling of the new
hint_log error data field and removing the client-side HINT. I'm also
moving this to the current CF. -- Alex
Steve Singer st...@ssinger.info writes:
On 12/15/2014 11:38 AM, Alex Shulgin wrote:
These are all valid concerns IMHO. Attached is the modified version
of the original patch by Craig, addressing the handling of the new
hint_log error data field and removing the client-side HINT. I'm
also
On 12/19/2014 11:41 PM, Alex Shulgin wrote:
I don't think so. The scenario this patch relies on assumes that the
DBA will remember to look in the log if something goes wrong
Well, actually, the whole point was that the user who's connecting
(likely also the DBA) will see a HINT telling them
Craig Ringer cr...@2ndquadrant.com writes:
On 12/19/2014 11:41 PM, Alex Shulgin wrote:
I don't think so. The scenario this patch relies on assumes that the
DBA will remember to look in the log if something goes wrong
Well, actually, the whole point was that the user who's connecting
Peter Eisentraut pete...@gmx.net writes:
On 10/16/14 11:34 PM, Craig Ringer wrote:
psql: FATAL: Peer authentication failed for user fred
HINT: See the server error log for additional information.
I think this is wrong for many reasons.
I have never seen an authentication system that
On Thu, Nov 27, 2014 at 8:49 AM, Bruce Momjian br...@momjian.us wrote:
On Thu, Nov 6, 2014 at 05:46:42PM -0500, Peter Eisentraut wrote:
Finally, the fact that a configuration change is in progress is
privileged information. Unprivileged users can deduct from the presence
of this message that
On Thu, Nov 6, 2014 at 05:46:42PM -0500, Peter Eisentraut wrote:
Finally, the fact that a configuration change is in progress is
privileged information. Unprivileged users can deduct from the presence
of this message that administrators are doing something, and possibly
that they have done
On Thu, Nov 6, 2014 at 5:46 PM, Peter Eisentraut pete...@gmx.net wrote:
I think it's fine to log a message in the server log if the pg_hba.conf
file needs reloading. But the client shouldn't know about this at all.
I agree.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The
On 10/16/14 11:34 PM, Craig Ringer wrote:
psql: FATAL: Peer authentication failed for user fred
HINT: See the server error log for additional information.
I think this is wrong for many reasons.
I have never seen an authentication system that responds with, hey, what
you just did didn't get
On 10/16/2014 11:34 PM, Craig Ringer wrote:
Given the generally positive reception to this, here's a patch.
The first patch adds an errhint_log , akin to the current errdetail_log,
so we can send a different HINT to the server log than we do to the client.
The patch behaves as you describe.
On 08/10/2014 07:48 PM, Craig Ringer wrote:
Hi all
I just had an idea I wanted to run by you all before turning it into a
patch.
People seem to get confused when they get auth errors because they
changed pg_hba.conf but didn't reload.
Should we emit a HINT alongside the main auth error
18 matches
Mail list logo