Home > mailing lists

Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: Information of pg_stat_ssl visible to all users
Date	August 31, 2015 15:17:52
Msg-id	CAB7nPqR2Pk6eX9A2ns7rf-rpG+Cdq79rV_gXAQMF6aYD-HTEsA@mail.gmail.com Whole thread Raw
In response to	Re: Information of pg_stat_ssl visible to all users (Magnus Hagander <magnus@hagander.net>)
Responses	Re: Information of pg_stat_ssl visible to all users (Magnus Hagander <magnus@hagander.net>) Re: Information of pg_stat_ssl visible to all users (Andres Freund <andres@anarazel.de>)
List	pgsql-hackers

Tree view

On Mon, Aug 31, 2015 at 9:04 PM, Magnus Hagander <magnus@hagander.net> wrote:
>
>
> On Sun, Aug 30, 2015 at 5:35 AM, Michael Paquier <michael.paquier@gmail.com>
> wrote:
>>
>>
>>
>> On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
>>>
>>> I know I am coming in late here, but I know Heroku uses random user
>>> names to allow a cluster to have per-user databases without showing
>>> external user name details:
>>> [...]
>>> I can see them having problems with a user being able to see the SSL
>>> remote user names of all connected users.
>>
>>
>> Yep, and I can imagine that this is the case of any company managing cloud
>> nodes with Postgres embedded, and at least to me that's a real concern.
>
>
>
> How is it a concern that  a CN field with a random username in it is
> visible, when showing the actual random username isn't? That's not very
> consistent...

How can you be sure as well that all such deployments would use random
CN fields and/or random usernames? We have no guarantee of that as
well.
-- 
Michael

pgsql-hackers by date:

From: Michael Paquier
Date: 31 August 2015, 15:16:45
Subject: Re: Commitfest remaining "Needs Review" items

From: Magnus Hagander
Date: 31 August 2015, 15:27:04
Subject: Re: Information of pg_stat_ssl visible to all users

Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

Previous

Next