Re: Reset expired password from .NET
Fernando Grijalba <jfercan(at)yahoo(dot)com> writes:
> I just realized that PostgreSQL does not differentiate between an invalid username/password and an expired password when it gives you the error message.
That's intentional. Per the comments in auth.c:
* Tell the user the authentication failed, but not (much about) why.
*
* There is a tradeoff here between security concerns and making life
* unnecessarily difficult for legitimate users. We would not, for example,
* want to report the password we were expecting to receive...
* But it seems useful to report the username and authorization method
* in use, and these are items that must be presumed known to an attacker
* anyway.
* Note that many sorts of failure report additional information in the
* postmaster log, which we hope is only readable by good guys.
regards, tom lane
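
Added example, not part of the original message and not PostgreSQL's auth.c: a minimal C sketch of the pattern the quoted comment describes, where every failure produces the same client-facing text and the specific reason goes only to the server log. The function names, account table, timestamps and message strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed account table; a real server stores password verifiers, not plaintext. */
struct account { const char *user; const char *secret; time_t valid_until; };
static const struct account accounts[] = {
    { "alice", "s3cret",  2000000000 },  /* still valid at the sample time */
    { "bob",   "hunter2", 1000000000 },  /* already expired at the sample time */
};

/* Returns 1 on success. On failure returns 0 and writes the specific
 * reason into logdetail, which is meant for the server log only. */
int check_password(const char *user, const char *pw, time_t now,
                   char *logdetail, size_t len)
{
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++) {
        const struct account *a = &accounts[i];
        if (strcmp(a->user, user) != 0)
            continue;
        if (strcmp(a->secret, pw) != 0) {
            snprintf(logdetail, len, "password does not match for user \"%s\"", user);
            return 0;
        }
        if (a->valid_until <= now) {
            snprintf(logdetail, len, "user \"%s\" has an expired password", user);
            return 0;
        }
        logdetail[0] = '\0';
        return 1;
    }
    snprintf(logdetail, len, "role \"%s\" does not exist", user);
    return 0;
}

/* Client-facing text: names the user and method, never the reason. */
void client_error(const char *user, char *out, size_t len)
{
    snprintf(out, len, "password authentication failed for user \"%s\"", user);
}

int main(void)
{
    char detail[128], msg[128];
    if (!check_password("bob", "hunter2", 1500000000, detail, sizeof detail)) {
        client_error("bob", msg, sizeof msg);
        printf("to client:  %s\n", msg);
        fprintf(stderr, "server log: %s\n", detail);
    }
    return 0;
}
```

An administrator who needs to tell an expired password from a wrong one reads the server log line; the client sees identical text in both cases.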