
List:       postgresql-general
Subject:    Re: [HACKERS] include host names in hba error messages
From:       Robert Haas <robertmhaas () gmail ! com>
Date:       2011-07-29 18:59:09
Message-ID: CA+Tgmob5Z23XGHnG7qKE93QMCm69f1Lb7JrQ0+Vp96kPUUXGZg () mail ! gmail ! com

On Fri, Jul 29, 2011 at 2:44 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
> On tis, 2011-07-19 at 14:17 -0400, Robert Haas wrote:
>> I think it would be less confusing to write the IP address as the main
>> piece of information, and put the hostname in parentheses only if we
>> accepted it as valid (i.e. we did both lookups, and everything
>> matched).
>>
>> ERROR: no pg_hba.conf entry for host 127.0.0.1 ("localhost"), user
>> "x", database "y"
>>
>> As for the case where the forward lookup and reverse lookup don't
>> match, could we add that as a DETAIL?
>>
>> ERROR: no pg_hba.conf entry for host 127.0.0.1, user "x", database "y"
>> DETAIL: Forward and reverse DNS lookups do not match.
>
> On further reflection, the only way we would get a complete match host
> name is if there actually were a line in pg_hba.conf with that host
> name, but it didn't match because of other parameters.  So that would be
> quite rare, and so the error message would look one way or the other
> depending on obscure circumstances, which would be confusing.
>
> But picking up on your second suggestion, I propose instead that we put
> a note in the detail about the host name and what we know about it, if
> we know it, e.g.
>
> ERROR: no pg_hba.conf entry for host 127.0.0.1, user "x", database "y"
> DETAIL: Client IP address resolved to "localhost", forward lookup matches.
>
> I chose to use errdetail_log(), which only goes into the server log, so
> we don't expose too much about the server's DNS setup to the client.

Seems reasonable.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
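
An added example, not part of the original message and not PostgreSQL's own code: a sketch of the split discussed in the thread, where the client receives only the IP-based error while the resolved host name and the forward-confirmation result go into a detail meant for the server log only. The function `hba_reject`, the resolver hooks, the sample DNS data and the wording of the mismatch case are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical resolver hooks so the check runs offline; a server would back
 * these with getnameinfo() and getaddrinfo(). */
typedef const char *(*reverse_fn)(const char *ip);           /* NULL: no PTR */
typedef int (*forward_fn)(const char *host, const char *ip); /* 1: host -> ip */

/* Constructed sample DNS data, not taken from the thread. */
static const char *sample_reverse(const char *ip)
{
    if (strcmp(ip, "127.0.0.1") == 0) return "localhost";
    if (strcmp(ip, "192.0.2.7") == 0) return "db.example.com"; /* PTR only */
    return NULL;
}
static int sample_forward(const char *host, const char *ip)
{
    return strcmp(host, "localhost") == 0 && strcmp(ip, "127.0.0.1") == 0;
}

/* Fills client_msg (sent to the peer) and log_detail (server log only).
 * Returns 1 if forward-confirmed, 0 on mismatch, -1 if no reverse name. */
int hba_reject(const char *ip, const char *user, const char *db,
               reverse_fn rev, forward_fn fwd,
               char *client_msg, size_t cn, char *log_detail, size_t ln)
{
    const char *host = rev(ip);
    snprintf(client_msg, cn,
             "no pg_hba.conf entry for host %s, user \"%s\", database \"%s\"", ip, user, db);
    log_detail[0] = '\0';           /* nothing known: no detail at all */
    if (host == NULL) return -1;
    int ok = fwd(host, ip) != 0;    /* the name is only trusted if it maps back */
    snprintf(log_detail, ln, "Client IP address resolved to \"%s\", forward lookup %s.",
             host, ok ? "matches" : "does not match");
    return ok;
}

int main(void)
{
    const char *ips[] = {"127.0.0.1", "192.0.2.7", "198.51.100.9"};
    char client[256], detail[256];
    for (int i = 0; i < 3; i++) {
        hba_reject(ips[i], "x", "y", sample_reverse, sample_forward,
                   client, sizeof client, detail, sizeof detail);
        printf("to client: ERROR: %s\n", client);
        if (detail[0]) printf("log only:  DETAIL: %s\n", detail);
    }
    return 0;
}
```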

