Re: Proposal: Save user's original authenticated identity for logging - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Proposal: Save user's original authenticated identity for logging
Date
Msg-id 3085085.1612108181@sss.pgh.pa.us
Whole thread Raw
In response to Re: Proposal: Save user's original authenticated identity for logging  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers
Magnus Hagander <magnus@hagander.net> writes:
> On Sat, Jan 30, 2021 at 12:40 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I remain concerned about the cost and inconvenience of exposing
>> it via log_line_prefix, but at least that shouldn't be visible
>> to anyone who's not entitled to know who's logged in ...

> What if we logged it as part of log_connection=on, but only there and
> only once? It could still be traced through the rest of that sessions
> logging using the fields identifying the session, and we'd only end up
> logging it once.

I'm certainly fine with including this info in the log_connection output.
Perhaps it'd also be good to have a superuser-only column in
pg_stat_activity, or some other restricted way to get the info from an
existing session.  I doubt we really want a log_line_prefix option.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Greg Stark
Date:
Subject: Re: Proposal: Save user's original authenticated identity for logging
Next
From: Tom Lane
Date:
Subject: Re: Proposal: Save user's original authenticated identity for logging