2009/10/19 Dave Page <dpage@pgadmin.org>:
> On Mon, Oct 19, 2009 at 10:22 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
>> 2009/10/19 Dave Page <dpage@pgadmin.org>:
>>> On Mon, Oct 19, 2009 at 10:01 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
>>>
>>>> There are some log parser's and analysers. So people use reduced log
>>>> often. The reductions rules should be based on application name. Why
>>>> not? And when somebody modifies to appliacation name, then these logs
>>>> finish in '/dev/null.
>>>
>>> So if your insecure app worries you, just don't use %a in the log
>>> prefix, or ignore the column in the CSV logs.
>>
>> I'll know so %a is insecure, but what other users? Every live
>> application is potencially insecure. I agree, so this value is useful
>> for debuging, but with proposed features the value is diskutable.
>
> %a is not 'insecure'. It's user-configurable. There's a difference.
>
> If you don't trust your application or your users not to change the
> application name, then don't rely on it in your logs or stats. For
> other users that do trust their app and don't expect their users to be
> going out of their way to mislead the DBA, this can be a useful
> feature, as it's proven to be for others that have used the equivalent
> facilities in other DBMSs.
I thing, so it should be more useful for DBA - mostly databases are
used in web sphere, if write access should be configurable. I
understand, so in local application nobody have to be paranoic and
restricted access looks unuseful, but on web sphere you have to be
paranoic and there the application name should be immutable in
session. I like to use this value too, really. But I am working mostly
with web applications, and I see risks.
Pavel
>
> --
> Dave Page
> EnterpriseDB UK: http://www.enterprisedb.com
>
