Re: More detailed auth info - Mailing list pgsql-hackers

From Tom Lane
Subject Re: More detailed auth info
Date
Msg-id 9339.1295621486@sss.pgh.pa.us
Whole thread Raw
In response to More detailed auth info  (Magnus Hagander <magnus@hagander.net>)
Responses Re: More detailed auth info
List pgsql-hackers
Magnus Hagander <magnus@hagander.net> writes:
> I came across a case this week where I wanted to be able to determine
> more detailed auth information on already logged in sessions - not
> from the client, but from the server. In this specific case, I wanted
> to examine the "is ssl" flag on the connection. But I can see other
> things being interesting, such as which user is on the other end (when
> pg_ident is in use), more detailed SSL information, full kerberos
> principal when kerberos in use etc.

> I doubt this is common enough to want to stick it in pg_stat_activity
> though, but what do people think? And if not there, as a separate view
> or just as a function to call (e.g.
> pg_get_detailed_authinfo(<backendpid>))

By and large, it's been thought to be a possible security hole to expose
such information, except possibly in the postmaster log.  I'm certainly
*not* in favor of creating a view for it.
        regards, tom lane


pgsql-hackers by date:

Previous
From: "Kevin Grittner"
Date:
Subject: Re: SSI and Hot Standby
Next
From: Anssi Kääriäinen
Date:
Subject: Re: SSI and Hot Standby