Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Information of pg_stat_ssl visible to all users
Date
Msg-id 20150830153328.GI3685@tamriel.snowman.net
Whole thread Raw
In response to Re: Information of pg_stat_ssl visible to all users  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: Information of pg_stat_ssl visible to all users
List pgsql-hackers
* Michael Paquier (michael.paquier@gmail.com) wrote:
> On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
>
> > I know I am coming in late here, but I know Heroku uses random user
> > names to allow a cluster to have per-user databases without showing
> > external user name details:
> > [...]
> > I can see them having problems with a user being able to see the SSL
> > remote user names of all connected users.
> >
>
> Yep, and I can imagine that this is the case of any company managing cloud
> nodes with Postgres embedded, and at least to me that's a real concern.

Yeah, I'm not really thrilled with all of this information being
available to everyone on the system.  We already get ding'd by people
for not limiting who can see what connections there are to the database
and this is doubling-down on that.
Thanks!
    Stephen

pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: WIP: About CMake v2
Next
From: Andres Freund
Date:
Subject: Re: Information of pg_stat_ssl visible to all users