Re: Application name patch - v4

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Application name patch - v4
Date: 2009-11-29 17:22:31
Message-ID: 16638.1259515351@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Dave Page <dpage(at)pgadmin(dot)org> writes:
> On Sat, Nov 28, 2009 at 11:47 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> 1. The patch prevents non-superusers from seeing other users'
>> application names in pg_stat_activity. This seems at best pretty
>> debatable to me. Yes, it supports usages in which you want to put
>> security-sensitive information into the appname, but at the cost of
>> disabling (perfectly reasonable) usages where you don't. If we made
>> the app name universally visible, people simply wouldn't put security
>> sensitive info in it, the same as they don't put it on the command line.
>> Should we change this?

> Uh, yeah, I guess. That wasn't a concious decision, more a copy n
> paste inherited 'feature'.

OK. Everybody seems to agree it should not be hidden, so I'll go change
that.

>> 2. I am wondering if we should mark application_name as
>> GUC_NO_RESET_ALL.

> I think we should use GUC_NO_RESET_ALL.

I agree with you, but it seems we have at least as many votes to not do
that. Any other votes out there?

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2009-11-29 18:16:32 Re: cvs chapters in our docs
Previous Message Magnus Hagander 2009-11-29 17:09:04 Re: LDAP where DN does not include UID attribute