| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Information of pg_stat_ssl visible to all users |
| Date: | 2015-07-07 16:57:58 |
| Message-ID: | 26947.1436288278@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andres Freund <andres(at)anarazel(dot)de> writes:
> On 2015-07-07 12:03:36 -0400, Peter Eisentraut wrote:
>> I think the DN is analogous to the remote user name, which we don't
>> expose for any of the other authentication methods.
> Huh?
Peter's exactly right: there is no other case where you can tell what
some other connection's actual OS username is. You might *guess* that
it's the same as their database username, but you don't know that,
assuming you don't know how they authenticated.
I'm not sure how security-critical this info really is, though.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2015-07-07 16:58:26 | Re: [PATCH] correct the initdb.log path for pg_regress |
| Previous Message | Josh Berkus | 2015-07-07 16:54:50 | Re: 9.5 alpha: some small comments on BRIN and btree_gin |