[pgpool-committers: 10496] pgpool: Suppress unnecessary information upon authentication failure.
Tatsuo Ishii
ishii at postgresql.org
Sat May 17 15:32:03 JST 2025
Suppress unnecessary information upon authentication failure.
Previously a message "password size does not match" was displayed when
client authentication failed. This could help an attacker to guess
password. Replace it just "password does not match".
Backpatch-through: v4.2
Branch
------
V4_4_STABLE
Details
-------
https://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=d0dbcbd270ef40eadf1b99d2bb3c3f640b29f35f
Modified Files
--------------
src/auth/pool_auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
More information about the pgpool-committers
mailing list