[pgpool-committers: 10495] pgpool: Suppress unnecessary information upon authentication failure.
Tatsuo Ishii
ishii at postgresql.org
Sat May 17 15:31:58 JST 2025
Suppress unnecessary information upon authentication failure.
Previously a message "password size does not match" was displayed when
client authentication failed. This could help an attacker to guess
password. Replace it just "password does not match".
Backpatch-through: v4.2
Branch
------
V4_3_STABLE
Details
-------
https://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=14ae9365b025df8b3b0bf75126e2d7f485d1c9ad
Modified Files
--------------
src/auth/pool_auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
More information about the pgpool-committers
mailing list