| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, Harold Giménez <harold(at)heroku(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: proposal: hide application_name from other users |
| Date: | 2014-01-22 01:21:49 |
| Message-ID: | 20140122012149.GH32729@awork2.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2014-01-21 20:18:54 -0500, Stephen Frost wrote:
> > > Don't know what folks think of removing those in-the-function checks in
> > > favor of trusting the grant/revoke system to not allow those functions
> > > to be called unless you have EXECUTE privileges on them..
> >
> > Well, they *do* return some information when called without superuser
> > privileges. Just not all columns for all sessions. I don't think you can
> > achieve that with anything in our permission system.
>
> We'd have to address those issues somehow, certainly. The general
> thrust of my thought was if we'd ever feel comfortable trusting the
> GRANT/REVOKE permission system instead of places what we currently have
> if(superuser()) checks or similar.
I think the only realistic thing is a "monitoring" capability, like we
have "replication". GRANT/REVOKE doesn't even come close to being able
to generically allow to grant permissions of even the moderate
complexity pg_stat_get_activity() has.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Kirkwood | 2014-01-22 01:22:37 | Re: proposal: hide application_name from other users |
| Previous Message | Stephen Frost | 2014-01-22 01:18:54 | Re: proposal: hide application_name from other users |