| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org,Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>,Don Seiler <don(at)seiler(dot)us>,Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: [PATCH] Include application_name in "connection authorized" log message |
| Date: | 2018-09-27 21:59:01 |
| Message-ID: | EEB170C3-EED7-402B-9A9F-CCB7AA21DB2D@anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On September 27, 2018 2:55:56 PM PDT, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>Greetings,
>
>* Andres Freund (andres(at)anarazel(dot)de) wrote:
>> On 2018-09-27 17:41:56 -0400, Stephen Frost wrote:
>> > Of course, if I'm missing something as to why the ascii-cleaning
>makes
>> > sense or is necessary, I'm all ears, but I'm just not seeing it.
>>
>> There's many reasons. For example you can send terminal control
>> characters to the server. When somebody then looks at the log, you
>can
>> screw with them pretty good, unless they're always careful to go
>through
>> less (without -r). We should be *more* not *less* careful about this
>> kind of hting.
>
>I seriously doubt we're going to start stripping usernames down to
>ASCII
>for them to be displayed in the log file.
So? As you say, they are much more control from the a admins of the server. I guess at some point we should have more expansive whitelisting than just ASCII, but that seems separate.
Andres
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2018-09-27 22:24:31 | Re: [PATCH] Include application_name in "connection authorized" log message |
| Previous Message | Stephen Frost | 2018-09-27 21:55:56 | Re: [PATCH] Include application_name in "connection authorized" log message |