| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Information of pg_stat_ssl visible to all users |
| Date: | 2015-08-31 12:31:16 |
| Message-ID: | 20150831123116.GT31526@awork2.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2015-08-31 14:29:10 +0200, Andres Freund wrote:
> On 2015-08-31 21:17:48 +0900, Michael Paquier wrote:
> > How can you be sure as well that all such deployments would use random
> > CN fields and/or random usernames? We have no guarantee of that as
> > well.
>
> Sorry, but this is a bit ridiculous.
And this email was incomplete, sorry for that.
The username isn't guaranteed to be randomized. Application name will
very rarely be given it's set by the client. We show all of that
today. To me the fix for all this is to actually improve the situation
(by allowing proper permissions on pg_stat_activity) rather than incur
pain to everyone because of an absolutely marginal improvement in
security.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-08-31 13:06:27 | Re: Information of pg_stat_ssl visible to all users |
| Previous Message | Andres Freund | 2015-08-31 12:29:10 | Re: Information of pg_stat_ssl visible to all users |