Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w82sH-000A01-00 for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Apr 2026 21:13:17 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w82sF-002Iyw-1O for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Apr 2026 21:13:15 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w82sF-002Iyo-0J for pgsql-hackers@lists.postgresql.org; Wed, 01 Apr 2026 21:13:15 +0000 Received: from mail-yw1-x112f.google.com ([2607:f8b0:4864:20::112f]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1w82sC-00000000504-17I0 for pgsql-hackers@lists.postgresql.org; Wed, 01 Apr 2026 21:13:14 +0000 Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-7a2b6adbfa6so2348657b3.0 for ; Wed, 01 Apr 2026 14:13:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775077990; cv=none; d=google.com; s=arc-20240605; b=Zibh/xzdIt6c942mN3A/T2YSu9eSPGaZPwcoLxAkxuenrr0TUZWbrUAFyQb9i7G5m4 YY0R/zOqTbLIOB5heEaIEzyk87QORd+dNBM1uLqHMsgHhQcql9EEBJyCjkyiFZyyhhqN GnNo7Cm3KeR0tHAmHDo6Pv5Pi5U7YEq8mN3mKHVtej00XfccsdPk90DYaz3LwEjEHZ2H LWZIaPHx+QLINEzPcypFZtnNnsvAig73PATik5bbGYjYMcsXmn3yMz6hhzDiIupbca+Y /ivsLnjGNgDjPf8hnSdfSop7uMi/QmqzmJIWZTRLj8/txK43F/IfRF32QMfIu4jV0Rob wWAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=pXjI46PPAHWvwpeunfnzvxQcrXUCUZvZ0bKKYbx+nzQ=; fh=KJqbGoqY250Tjp1IoJ4/nMPGgzk4wqj0kX2kDwZjgck=; b=SanpDrgJ9n1UVvZp313UFBLz2IC+0u+EGiBQWo/CRwv3uytJmtrRYyQnStOVQQUFuE yaoadC9oAUswWdJm6gmXxLTm1wS4aHf1wV4OWi96oD6JccWxV+oMIFTYrluGNqQEOkBS wLiNoDR9N3rYvBnjH9smpOMh9MZd1T2CZdZDKfw6fqe0tABFkE4KMoZBr6Ke/8zTk4n7 9MbDX4/mj/YmU95DuCv41gY6SeAuDUs5GFo4y0RpFiMfSaCzyYdRbCmW4DP7ZF8Cm4AF 1HyuwriV6wPGzBpzMW0+5kdxqtgJ4kttjIqfIzyQ62ohGJbTTrYZ3TwoYRLYKnsCdCgU Aqqw==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=percona.com; s=google; t=1775077990; x=1775682790; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pXjI46PPAHWvwpeunfnzvxQcrXUCUZvZ0bKKYbx+nzQ=; b=W9lOx/PsCoqO8t/Lg46hoCIyqUG+4hlcKU5JUKbPCjAsZRfLJfhSNQicnwT5MNJ0+W J6fzqqpaWEYe4BdjuhQD5PEjG3VGcBskdpmpUJnwib5Ru7waCxe6N8+tTTlRrMqowxJ5 nBMjgVqHta789PnZk5FVSWIQTHTHH9uj6s1s8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775077990; x=1775682790; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=pXjI46PPAHWvwpeunfnzvxQcrXUCUZvZ0bKKYbx+nzQ=; b=Gg55TbHbdgMkLPKk6xAJs3ELxgueZyPj6Mx8NJmDLWgB19dk8N6nuu0kqAKSQ9eSbW wgm3/1VSlJs/TcNVm21rR4IS7/OnWHL0ts74QmJndQfJhwAaDc9iazjul8+nI0BkmZvn EqQ8LtZmozHq9t5XU08fSk576TdpRPSMZwsyjyQfwlI63X8GZ/kQwdP0WW35dT1yYUf8 Bw6vBLmUOT3v6P64lV6POdWAiPDfL8AykXeLAOUX/8Arc5k2NB4+tcWOqdor1XYMuP4a 8VWNxTny6xC4+d0tLA2/qo/xGbmfMCsla+72NLMPa1O0qYKztmfEKfksVWxVgY4knRHQ DOAA== X-Gm-Message-State: AOJu0YzDCGHKHuCkS/F3irXaTrN50J2MUnYSKq+OXeZYUerBoJh+njJh BjbrCCK92RCH0ZmrZbrvMdwzp3yKzD3Rkn8A81DRxaLzhNrB+dxX960Y7QrjuXY7CyteV5/ncWl BfuyYfSJYPPdzk7q+l9ya27uoyUm02P3UoSXQtoGzk/eU06W79jRuAk3kDsos1LO51I5Ae8Qk54 X3110lP+ssyG4OXlcTdxFITaHDCciyIqm/vA/AqTvmvpqtE5unLovIekyImL1BREr/YilxuZIC9 N897I2I4hO8rc/VlIC/G/ihk5zw2izzaumZBIlN7CCPSgyjBpmRj18POuQBy+9hvlY= X-Gm-Gg: ATEYQzwvrI5FGzqptpaKAfVu53abwKpY1wyI6mjXBQChhTkcVfvK8q8KM3TGEfLJTCX GdKedET1iVunqbAdGcDxxCADTLmUtrPje5qt8xi7iiojE+wlK80qgmEbCGw38FUnhaq188cyE4t xOfEK8ZztP7GZxFNMuFLXSuqNoSEFKSGOWWysQse+hn9vP5XMkd9+3Q3EIGfEZSZwb4fjL175bh +amJtJBrnpFWEQmKa6t7vG3zpuE3oLEAnXVb75xfV2EYutvVtCO9bHZMEYNPOfCrPayroj1V+4b YBs3Hsx3k8JPjxtwP1gbsBF2797KF/gwXe4exnlrEO1KkRAqhkG4j/kBmLwfuDhyD6Xn X-Received: by 2002:a05:690c:38b:b0:79c:a09a:e59a with SMTP id 00721157ae682-7a210a8c012mr54679067b3.24.1775077990386; Wed, 01 Apr 2026 14:13:10 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Zsolt Parragi Date: Wed, 1 Apr 2026 22:12:58 +0100 X-Gm-Features: AQROBzAHOXywBI16KHVyrhVGWhi8B_KpEbI9Oo6Ol9RZ5sKFQdcPpX_PVPKGzXw Message-ID: Subject: Re: [oauth] Split and extend PGOAUTHDEBUG To: Jacob Champion Cc: PostgreSQL Hackers Content-Type: multipart/mixed; boundary="000000000000114a25064e6c8df8" X-CLOUD-SEC-AV-Sent: true X-CLOUD-SEC-AV-Info: percona,google_mail,monitor X-Gm-Spam: 0 X-Gm-Phishy: 0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000114a25064e6c8df8 Content-Type: text/plain; charset="UTF-8" > OAUTHDEBUG_LEGACY_UNSAFE? That sounds better > I think I'm missing something; how does the choice of .c/.h change > things? There's no static tracking in v1 of the patchset Eh, sorry about that, I was sure that I sent a version which handled that to the list, but apparently I didn't. It didn't use atomics/mutexes, so maybe it's better. > `UNSAFE` is intended to be a weak defense against social engineering > attacks. So these warnings need to be translated, if possible, and we > should not provide instructions on how to defeat that defense. With the same logic, shouldn't we print a very visible warning when somebody enables trace? Since it's a long output, maybe to both the beginning and end of the flow? --000000000000114a25064e6c8df8 Content-Type: application/octet-stream; name="nocfbot-tracewarning.diff" Content-Disposition: attachment; filename="nocfbot-tracewarning.diff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mngjh6940 ZGlmZiAtLWdpdCBhL3NyYy9pbnRlcmZhY2VzL2xpYnBxLW9hdXRoL29hdXRoLWN1cmwuYyBiL3Ny Yy9pbnRlcmZhY2VzL2xpYnBxLW9hdXRoL29hdXRoLWN1cmwuYwppbmRleCBlYjJmZTM1ZDBjYy4u YWQ4YzhjNDU2NWIgMTAwNjQ0Ci0tLSBhL3NyYy9pbnRlcmZhY2VzL2xpYnBxLW9hdXRoL29hdXRo LWN1cmwuYworKysgYi9zcmMvaW50ZXJmYWNlcy9saWJwcS1vYXV0aC9vYXV0aC1jdXJsLmMKQEAg LTMwNDEsNiArMzA0MSwxMSBAQCBwZ19mZV9ydW5fb2F1dGhfZmxvdyhQR2Nvbm4gKmNvbm4sIHN0 cnVjdCBQR29hdXRoQmVhcmVyUmVxdWVzdCAqcmVxdWVzdCwKIAkJCQkJYWN0eC0+ZGJnX251bV9j YWxscyk7CiAJfQoKKwlpZiAoKGFjdHgtPmRlYnVnX2ZsYWdzICYgT0FVVEhERUJVR19VTlNBRkVf VFJBQ0UpCisJCSYmIChyZXN1bHQgPT0gUEdSRVNfUE9MTElOR19PSyB8fCByZXN1bHQgPT0gUEdS RVNfUE9MTElOR19GQUlMRUQpKQorCQlmcHJpbnRmKHN0ZGVyciwKKwkJCQlsaWJwcV9nZXR0ZXh0 KCJXQVJOSU5HOiBQR09BVVRIREVCVUcgdHJhY2Ugb3V0cHV0IGFib3ZlIG1heSBjb250YWluIHNl Y3JldHMuIERvIG5vdCBzaGFyZSB3aXRoIHRoaXJkIHBhcnRpZXMuXG4iKSk7CisKICNpZm5kZWYg V0lOMzIKIAlpZiAobWFza2VkKQogCXsKQEAgLTMwOTYsNiArMzEwMSwxMCBAQCBwZ19zdGFydF9v YXV0aGJlYXJlcihQR2Nvbm4gKmNvbm4sIFBHb2F1dGhCZWFyZXJSZXF1ZXN0VjIgKnJlcXVlc3Qp CiAJLyogUGFyc2UgZGVidWcgZmxhZ3MgZnJvbSB0aGUgZW52aXJvbm1lbnQuICovCiAJYWN0eC0+ ZGVidWdfZmxhZ3MgPSBvYXV0aF9nZXRfZGVidWdfZmxhZ3MoKTsKCisJaWYgKGFjdHgtPmRlYnVn X2ZsYWdzICYgT0FVVEhERUJVR19VTlNBRkVfVFJBQ0UpCisJCWZwcmludGYoc3RkZXJyLAorCQkJ CWxpYnBxX2dldHRleHQoIldBUk5JTkc6IFBHT0FVVEhERUJVRyB0cmFjZSBpcyBlbmFibGVkLiBI VFRQIHRyYWZmaWMgKGluY2x1ZGluZyBzZWNyZXRzKSB3aWxsIGJlIGxvZ2dlZC5cbiIpKTsKKwog CWluaXRQUUV4cEJ1ZmZlcigmYWN0eC0+d29ya19kYXRhKTsKIAlpbml0UFFFeHBCdWZmZXIoJmFj dHgtPmVycmJ1Zik7Cg== --000000000000114a25064e6c8df8--