Re: Information of pg_stat_ssl visible to all users

On Tue, Jul 7, 2015 at 12:57:58PM -0400, Tom Lane wrote:
> Andres Freund <andres(at)anarazel(dot)de> writes:
> > On 2015-07-07 12:03:36 -0400, Peter Eisentraut wrote:
> >> I think the DN is analogous to the remote user name, which we don't
> >> expose for any of the other authentication methods.
>
> > Huh?
>
> Peter's exactly right: there is no other case where you can tell what
> some other connection's actual OS username is. You might *guess* that
> it's the same as their database username, but you don't know that,
> assuming you don't know how they authenticated.
>
> I'm not sure how security-critical this info really is, though.

I know I am coming in late here, but I know Heroku uses random user
names to allow a cluster to have per-user databases without showing
external user name details:

=> \du
List of roles
Role name | Attributes | Member of
----------------+------------------------------------------------+-----------
aafgrwewediiqz | 20 connections | {}
aaszwkfnholarh | 20 connections | {}
aatbelxbaeriwy | 20 connections | {}
aaxiwolkcxmbxo | 20 connections | {}
abbyljzgqaonjb | 20 connections | {}

I can see them having problems with a user being able to see the SSL
remote user names of all connected users.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ Everyone has their own god. +