On Fri, Jan 21, 2011 at 15:51, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> I came across a case this week where I wanted to be able to determine
>> more detailed auth information on already logged in sessions - not
>> from the client, but from the server. In this specific case, I wanted
>> to examine the "is ssl" flag on the connection. But I can see other
>> things being interesting, such as which user is on the other end (when
>> pg_ident is in use), more detailed SSL information, full kerberos
>> principal when kerberos in use etc.
>
>> I doubt this is common enough to want to stick it in pg_stat_activity
>> though, but what do people think? And if not there, as a separate view
>> or just as a function to call (e.g.
>> pg_get_detailed_authinfo(<backendpid>))
>
> By and large, it's been thought to be a possible security hole to expose
> such information, except possibly in the postmaster log. I'm certainly
> *not* in favor of creating a view for it.
Well, it would obviously be superuser only.
Would you object to a function as well?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/