Re: [PATCH] Include application_name in "connection authorized" log message

Greetings,

* Don Seiler (don(at)seiler(dot)us) wrote:
> On Mon, Jul 30, 2018 at 5:20 AM, Peter Eisentraut <
> peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
>
> > On 13/07/2018 20:20, Don Seiler wrote:
> > > See attached for latest revision.
> >
> > This doesn't compile with SSL enabled because there is a comma missing.
>
> Hmm I'll check this out tonight. Sorry I wasn't able to get to this until
> now.

Thanks.

> > This implementation doesn't run the application_name through
> > check_application_name(), so it could end up logging application_name
> > values that are otherwise not acceptable. I'm not sure of the best way
> > to fix that.
>
> Is the concern that any user can set their client's application name value
> to any string they want? Is there a reason we can't call
> check_application_name() before setting it in the Port struct in
> postmaster.c?

I've not looked very closely, but I don't think it's necessairly a big
deal to print out the application name provided by the client system
into the log before we run check_application_name(), as long as there
isn't any risk that printing it out or passing it around without
performing that check will cause incorrect operation or such.

I'm guessing it's not easy because check_application_name() isn't easily
available from where we're wanting to print it out or earlier, but,
again, haven't looked closely. If you aren't sure or run into issues,
feel free to ping me on slack and I'll be happy to help.

Thanks!

Stephen