| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Information of pg_stat_ssl visible to all users |
| Date: | 2015-08-31 12:04:38 |
| Message-ID: | CABUevEw5hbgFjKjDB3a16n+jzP4o-O_nyBYUm4zy9kCwS5RqZw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Aug 30, 2015 at 5:35 AM, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
wrote:
>
>
> On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
>
>> I know I am coming in late here, but I know Heroku uses random user
>> names to allow a cluster to have per-user databases without showing
>> external user name details:
>> [...]
>> I can see them having problems with a user being able to see the SSL
>> remote user names of all connected users.
>>
>
> Yep, and I can imagine that this is the case of any company managing cloud
> nodes with Postgres embedded, and at least to me that's a real concern.
>
How is it a concern that a CN field with a random username in it is
visible, when showing the actual random username isn't? That's not very
consistent...
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2015-08-31 12:13:56 | Re: Commitfest remaining "Needs Review" items |
| Previous Message | Magnus Hagander | 2015-08-31 12:04:03 | Re: Information of pg_stat_ssl visible to all users |