| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Harold Giménez <harold(at)heroku(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: proposal: hide application_name from other users |
| Date: | 2014-01-22 00:19:10 |
| Message-ID: | 20140122001910.GH29396@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jan 21, 2014 at 04:06:46PM -0800, Harold Giménez wrote:
> I don't know of a client where it can't be overridden. The friction
> occurs when by default it sets it to something useful to a developer
> (useful eg: to find what process is holding a lock), but is not
> possible to conceal from other users on the same cluster. If this were
> an in-premise or private cluster the point is moot.
>
> Furthermore consider when even using application_name for it's
> original intended use. On a shared environment as I'm describing here,
> that makes it possible for an attacker to identify what apps connect
> to a given server, or on the other hand is a way to find out where a
> given application stores its data, which can be used for a more
> targeted attack.
So security through obscurity? Why wouldn't the attacker just try all
the app methods at once and not even bother looking at the application
name?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2014-01-22 00:21:05 | Re: Hard limit on WAL space used (because PANIC sucks) |
| Previous Message | Simon Riggs | 2014-01-22 00:18:36 | Re: Hard limit on WAL space used (because PANIC sucks) |