Skip site navigation (1) Skip section navigation (2)

Re: Application name patch - v4

From: Andres Freund <andres(at)anarazel(dot)de>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dave Page <dpage(at)pgadmin(dot)org>
Subject: Re: Application name patch - v4
Date: 2009-11-29 00:51:21
Message-ID: 200911290151.21921.andres@anarazel.de (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sunday 29 November 2009 00:47:49 Tom Lane wrote:
> Dave Page <dpage(at)pgadmin(dot)org> writes:
> > Updated application name patch, including a GUC assign hook to clean
> > the application name of any unsafe characters, per discussion.
> 
> Applied with assorted editorialization.  There were a couple of
> definitional issues that I don't recall if we had consensus on:
> 
> 1. The patch prevents non-superusers from seeing other users'
> application names in pg_stat_activity.  This seems at best pretty
> debatable to me.  Yes, it supports usages in which you want to put
> security-sensitive information into the appname, but at the cost of
> disabling (perfectly reasonable) usages where you don't.  If we made
> the app name universally visible, people simply wouldn't put security
> sensitive info in it, the same as they don't put it on the command line.
> Should we change this?
I personally would prefer if it were not protected and explicitly documented 
as such - I cant really see a use case where one would want to store something 
really private in there.

> (While I'm looking at it, I wonder why client_addr and client_port
> are similarly hidden.)
In a shared hosting environment this is somewhat sensible - afair some data 
protection laws even require that nobody except the designated receiver of 
information is able to get that information.
Whether shared hosting is sensible is another matter.

> 2. I am wondering if we should mark application_name as
> GUC_NO_RESET_ALL.  As-is, the value sent at libpq initialization
> will be lost during RESET ALL, which would probably surprise people.
> On the other hand, not resetting it might surprise other people.
> If we were able to send it in the startup packet then this wouldn't
> be a problem, but we are far from being able to do that.
One possibility would be to make it possible to issue SETs that behave as if 
set in a startup packet - imho its an implementation detail that SET currently 
is used.

Andres

In response to

pgsql-hackers by date

Next:From: Robert HaasDate: 2009-11-29 01:34:16
Subject: Re: Application name patch - v4
Previous:From: Joshua TolleyDate: 2009-11-29 00:27:14
Subject: Re: Application name patch - v4

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group