| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Information of pg_stat_ssl visible to all users |
| Date: | 2015-08-31 12:17:48 |
| Message-ID: | CAB7nPqR2Pk6eX9A2ns7rf-rpG+Cdq79rV_gXAQMF6aYD-HTEsA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 31, 2015 at 9:04 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>
>
> On Sun, Aug 30, 2015 at 5:35 AM, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
> wrote:
>>
>>
>>
>> On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
>>>
>>> I know I am coming in late here, but I know Heroku uses random user
>>> names to allow a cluster to have per-user databases without showing
>>> external user name details:
>>> [...]
>>> I can see them having problems with a user being able to see the SSL
>>> remote user names of all connected users.
>>
>>
>> Yep, and I can imagine that this is the case of any company managing cloud
>> nodes with Postgres embedded, and at least to me that's a real concern.
>
>
>
> How is it a concern that a CN field with a random username in it is
> visible, when showing the actual random username isn't? That's not very
> consistent...
How can you be sure as well that all such deployments would use random
CN fields and/or random usernames? We have no guarantee of that as
well.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2015-08-31 12:26:51 | Re: Information of pg_stat_ssl visible to all users |
| Previous Message | Michael Paquier | 2015-08-31 12:16:35 | Re: Commitfest remaining "Needs Review" items |