Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vLnor-00ApCL-12 for pgsql-hackers@arkaria.postgresql.org; Wed, 19 Nov 2025 19:26:21 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vLnop-00Epf4-2C for pgsql-hackers@arkaria.postgresql.org; Wed, 19 Nov 2025 19:26:20 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vLnop-00Epev-1A for pgsql-hackers@lists.postgresql.org; Wed, 19 Nov 2025 19:26:19 +0000 Received: from mail-qv1-xf2c.google.com ([2607:f8b0:4864:20::f2c]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vLnom-000Peg-0n for pgsql-hackers@postgresql.org; Wed, 19 Nov 2025 19:26:18 +0000 Received: by mail-qv1-xf2c.google.com with SMTP id 6a1803df08f44-88056cab4eeso551676d6.2 for ; Wed, 19 Nov 2025 11:26:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1763580373; x=1764185173; darn=postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=OsDI4EcytM83uXEVicAepPmtugwhjJeBn9+AXoCPxOo=; b=N67j1x6h/pEW5TBYPaKbBuorJLoSf7tZUzrSfzH5hWR/9J5PANOK0H+NOjhXV29o+7 TeOSHekJeYjRvctIVbjAWTR1bAmvgUwbliFnUE9FLbNdAau4w4aVJJuZdUB5bwDw5Jb9 zkUoKsyasTwVbC2BlmWA94OTBS3Es6AeZwCn2tdWahNLXcdKUS9g24aHcgvnJE5N5ls7 4TDoDWZ+qPW6Jd8Qj0eU+BeuQqsUWFJ3m3abCmkktvF8VcmBuSOmNdr8reBP2uwkHolU ZYc3A46u5uPY2hpzQcGZFlzz2cYgBu+i65fZEzoKXMaBj8fr6pXYcZ//JCRAodplmzHV x8Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763580373; x=1764185173; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=OsDI4EcytM83uXEVicAepPmtugwhjJeBn9+AXoCPxOo=; b=FAxOgb4e+oaY+RX7HNnWxEgVO2H9b0fXiJHV+QSlpzIc1XuL5LaQcnfthAXBE7sS1a rfbxiNcADu8RCARl4Fa6xcAQDewFcHpOpH2r5GCGTeDMy4ks/A7ULpr5tQ8OgCi6gjzE 5LUVwJ6EmMQV2TBUIZQCuznrVMmpsQdAv4B4iet8H6Kn/E09IWTof3QU82FyKEbBh+bR nHcezv3W7eeLjVxPzLd7yyg9v0y+bShJ/bPluzpWgP0WVxV7Bw3AQuvXeiu3WxUvQBKU WrshQbWHdJkqPuPgkIgFTShO9ZdChZxa+PhbMUyS+sJP7e4DCsu7YcOtrfniTublscW7 SLYQ== X-Forwarded-Encrypted: i=1; AJvYcCUeTsGJyC7HOM6TD0qhyqSbqfEoWJkUMmg6e8+5gSHqrpcU+vXicsjQttnYa/a+v0PbgpGQwD1BBF/Vze6M@postgresql.org X-Gm-Message-State: AOJu0YwJIx6SohWI5/8egsJigclfSTvB3eJkaLp20sb71GpogW+98wuP Gik8vRjsj4eu9ZzhFAJxssaE8x72yY3a5u6Wbsd25yQn/22aRzKYvRomkqwNs3+nFfjoRNK/a1h wvZ+h+ce7NayCmCfPwt8Wa6WmgXkVg9Q7fzMr3CRY X-Gm-Gg: ASbGncuKybr89aHeeHf3AGWckI2OUxtMRwgFgNZt9D4T11/3Od8lmNzwYc3J5xFskqp 2bUe+eYJQECHdh1oVkzzvZTI3k5LggafNkUPAZvfvjy4zPWtpYeqDxC2tp+w7fGSlRxeU649mBi SUIBlyf0XRihqldN/4zG0tz0y5ndtXD3yLmQtOFIvn8cZWujwi6Bqdd6llkafQZ0mBQss08thrE kJqFLILHInS05P2W+aAQIsS27ukwQ6uWMrAgF6Qwf8rZyAdDAaYOa9o4xvrfLyfFD8MR1xTwA== X-Google-Smtp-Source: AGHT+IFbQIsn0dOvEDUQ0cF7gfyzrBD3OsmPqaEjjsaqISy19MHaov+Nfv1A5Q7WjhtRlwIwiuwKYV1s5KNyhoAbNi4= X-Received: by 2002:a05:6214:458d:b0:880:5edf:d135 with SMTP id 6a1803df08f44-8846e1cf609mr6242186d6.53.1763580373594; Wed, 19 Nov 2025 11:26:13 -0800 (PST) MIME-Version: 1.0 References: <16a91d02795cb991963326a902afa764e4d721db.camel@gmail.com> <3D82D240-1CC5-4CE6-BE30-6065B693D40C@yesql.se> In-Reply-To: From: Jacob Champion Date: Wed, 19 Nov 2025 11:26:02 -0800 X-Gm-Features: AWmQ_bknFnXOcpUfJJDVik65BdebLO9-yO2fiDnv95QhpVQLJjvS0uoa50Fcl2E Message-ID: Subject: Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode To: Zsolt Parragi Cc: Daniel Gustafsson , "Jonathan Gonzalez V." , PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, Nov 3, 2025 at 8:53=E2=80=AFAM Zsolt Parragi wrote: > On Mon, Nov 3, 2025 at 4:25=E2=80=AFPM Jacob Champion > wrote: > > The reason I ask is that we'd briefly talked about splitting > > PGOAUTHDEBUG into more granular settings than just "off" and "UNSAFE". > > That's more similar to the direction I considered going, I've added a stub summary for this, too: https://wiki.postgresql.org/wiki/Proposal:_Split_up_PGOAUTHDEBUG > I was > thinking about adding a PGOAUTHDEBUG=3Dhttp option. That way there's no > need for self signed certificates, and it's easier to explain to users > that this just allows a less secure quick http setup. I think it's important to keep unsafe options labelled as such, but I agree this would be helpful. I'm not sure if we have prior art for expressing bitflags in Postgres envvars, other than maybe PGREQUIREAUTH. A comma-separated list would be easy to do. We could name these things according to whether they're unsafe or not, like PGOAUTHDEBUG=3DUNSAFE-http,UNSAFE-trace,print-counts Or maybe that's too verbose, and we could say that to use any of the unsafe options, you have to say it up front: # http and trace are dangerous PGOAUTHDEBUG=3DUNSAFE:http,trace,print-counts # these two are safe PGOAUTHDEBUG=3Dprint-counts,print-plugin-errors Or something else? Since this is developer-facing, I don't think it has to necessarily be intuitive for end users, as long as the lack of safety remains obvious to them. We can just focus on ergonomics for us. Thanks, --Jacob