| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Stark <stark(at)mit(dot)edu>, Magnus Hagander <magnus(at)hagander(dot)net>, Harold Giménez <harold(at)heroku(dot)com>, Mark Kirkwood <mark(dot)kirkwood(at)catalyst(dot)net(dot)nz>, Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: proposal: hide application_name from other users |
| Date: | 2014-01-29 19:25:25 |
| Message-ID: | 52E955A5.5070602@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 01/29/2014 10:19 AM, Simon Riggs wrote:
> No specific reason that I can recall but replication is heavily
> protected by layers of security.
>
> pg_stat_replication is a join with pg_stat_activity, so some of the
> info is open, some closed. It seems possible to relax that.
I'm all for the idea of "restrict, then open up". That is, it made
sense to start with data restricted, but then unrestrict is as we know
it's OK. Going the other way generally isn't possible, as this patch
demonstrates.
> Presumably the current patch is returned with feedback? Or can we fix
> these problems by inventing a new user aspect called MONITOR (similar
> to REPLICATION)? We can grant application_name and replication details
> to that.
Yeah, except I don't see doing the MONITOR thing for 9.4. We'd need a
spec for it first.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vik Fearing | 2014-01-29 19:30:48 | Re: pg_sleep_enhancements.patch |
| Previous Message | Pavel Stehule | 2014-01-29 19:21:46 | Re: pg_sleep_enhancements.patch |