Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Information of pg_stat_ssl visible to all users
Date
Msg-id 26947.1436288278@sss.pgh.pa.us
Whole thread Raw
In response to Re: Information of pg_stat_ssl visible to all users  (Andres Freund <andres@anarazel.de>)
Responses Re: Information of pg_stat_ssl visible to all users
List pgsql-hackers
Andres Freund <andres@anarazel.de> writes:
> On 2015-07-07 12:03:36 -0400, Peter Eisentraut wrote:
>> I think the DN is analogous to the remote user name, which we don't
>> expose for any of the other authentication methods.

> Huh?

Peter's exactly right: there is no other case where you can tell what
some other connection's actual OS username is.  You might *guess* that
it's the same as their database username, but you don't know that,
assuming you don't know how they authenticated.

I'm not sure how security-critical this info really is, though.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Josh Berkus
Date:
Subject: Re: 9.5 alpha: some small comments on BRIN and btree_gin
Next
From: Fujii Masao
Date:
Subject: Re: [PATCH] correct the initdb.log path for pg_regress