Quick Links

Re: Change authentication error message (patch)

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Bruce Momjian <bruce(at)momjian(dot)us>
Cc:	"Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Markus Wanner <markus(at)bluegap(dot)ch>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Change authentication error message (patch)
Date:	2014-01-24 03:39:34
Message-ID:	28960.1390534774@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Bruce Momjian <bruce(at)momjian(dot)us> writes:
> I have developed the attached patch to fix this problem. Do I need to
> say "invalid user or invalid or expired password"?

I'm not convinced that this improves anything. The problem might not in
fact be either of the things you mention, in which case the new message
is outright misleading. Also, what of the policy stated in the header
comment for the function you're hacking, ie we intentionally don't reveal
the precise cause of the failure to the client?

regards, tom lane

In response to

Re: Change authentication error message (patch) at 2014-01-24 02:52:52 from Bruce Momjian

Responses

Re: Change authentication error message (patch) at 2014-01-24 03:54:09 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Amit Kapila	2014-01-24 03:40:27	Re: [bug fix] pg_ctl always uses the same event source
Previous Message	Yugo Nagata	2014-01-24 03:35:27	Re: Fwd: Proposal: variant of regclass