From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Information of pg_stat_ssl visible to all users |
Date: | 2015-08-30 15:33:28 |
Message-ID: | 20150830153328.GI3685@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Michael Paquier (michael(dot)paquier(at)gmail(dot)com) wrote:
> On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
>
> > I know I am coming in late here, but I know Heroku uses random user
> > names to allow a cluster to have per-user databases without showing
> > external user name details:
> > [...]
> > I can see them having problems with a user being able to see the SSL
> > remote user names of all connected users.
> >
>
> Yep, and I can imagine that this is the case of any company managing cloud
> nodes with Postgres embedded, and at least to me that's a real concern.
Yeah, I'm not really thrilled with all of this information being
available to everyone on the system. We already get ding'd by people
for not limiting who can see what connections there are to the database
and this is doubling-down on that.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2015-08-30 15:35:41 | Re: Information of pg_stat_ssl visible to all users |
Previous Message | Tom Lane | 2015-08-30 15:32:08 | Re: WIP: About CMake v2 |