Re: pg_stat_ssl additions

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Lou Picciano <LouPicciano(at)comcast(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pg_stat_ssl additions
Date: 2018-12-01 13:41:42
Message-ID: 1b84688b-92c0-27fb-eba5-975ab2c45574@2ndquadrant.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Updated patch with the renamed columns.

On 29/11/2018 14:49, Peter Eisentraut wrote:
> On 29/11/2018 01:27, Lou Picciano wrote:
>> Further, I’m not sure exposing details about Cert Issuer, etc. to
>> non-privileged users is much of an issue. For the most part, in most use
>> cases, ‘users’ should//would/ want to know what entity is the issuer. If
>> we’re talking about client certs, most of this is readily readable
>> anyway, no?
>
> The debate is whether an unprivileged user should be able to read the
> SSL information of *other* users' connections.
>
> My opinion is no.

I propose to address this as a separate patch later on.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Attachment Content-Type Size
v3-0001-doc-Add-link-from-sslinfo-to-pg_stat_ssl.patch text/plain 941 bytes
v3-0002-Add-tests-for-pg_stat_ssl-system-view.patch text/plain 1.7 KB
v3-0003-Fix-pg_stat_ssl.clientdn.patch text/plain 1.7 KB
v3-0004-Add-more-columns-to-pg_stat_ssl.patch text/plain 14.6 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2018-12-01 17:06:36 Re: Bug fix for glibc broke freebsd build in REL_11_STABLE
Previous Message Amit Kapila 2018-12-01 13:39:02 Re: Inadequate executor locking of indexes