| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Application name patch - v4 |
| Date: | 2009-11-28 23:47:49 |
| Message-ID: | 14808.1259452069@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dave Page <dpage(at)pgadmin(dot)org> writes:
> Updated application name patch, including a GUC assign hook to clean
> the application name of any unsafe characters, per discussion.
Applied with assorted editorialization. There were a couple of
definitional issues that I don't recall if we had consensus on:
1. The patch prevents non-superusers from seeing other users'
application names in pg_stat_activity. This seems at best pretty
debatable to me. Yes, it supports usages in which you want to put
security-sensitive information into the appname, but at the cost of
disabling (perfectly reasonable) usages where you don't. If we made
the app name universally visible, people simply wouldn't put security
sensitive info in it, the same as they don't put it on the command line.
Should we change this?
(While I'm looking at it, I wonder why client_addr and client_port
are similarly hidden.)
2. I am wondering if we should mark application_name as
GUC_NO_RESET_ALL. As-is, the value sent at libpq initialization
will be lost during RESET ALL, which would probably surprise people.
On the other hand, not resetting it might surprise other people.
If we were able to send it in the startup packet then this wouldn't
be a problem, but we are far from being able to do that.
Comments?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua Tolley | 2009-11-29 00:27:14 | Re: Application name patch - v4 |
| Previous Message | Tom Lane | 2009-11-28 18:59:14 | Re: Writeable CTE patch |