Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

From Andres Freund
Subject Re: Information of pg_stat_ssl visible to all users
Date
Msg-id 20150831123116.GT31526@awork2.anarazel.de
In response to Re: Information of pg_stat_ssl visible to all users  (Andres Freund <andres@anarazel.de>)
List pgsql-hackers
On 2015-08-31 14:29:10 +0200, Andres Freund wrote:
> On 2015-08-31 21:17:48 +0900, Michael Paquier wrote:
> > How can you be sure as well that all such deployments would use random
> > CN fields and/or random usernames? We have no guarantee of that as
> > well.
> 
> Sorry, but this is a bit ridiculous.

And this email was incomplete, sorry for that.

The username isn't guaranteed to be randomized. Application name will
very rarely be given it's set by the client. We show all of that
today. To me the fix for all this is to actually improve the situation
(by allowing proper permissions on pg_stat_activity) rather than incur
pain to everyone because of an absolutely marginal improvement in
security.

Greetings,

Andres Freund