Home > mailing lists

Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	Re: Information of pg_stat_ssl visible to all users
Date	August 31, 2015 15:04:44
Msg-id	CABUevEw5hbgFjKjDB3a16n+jzP4o-O_nyBYUm4zy9kCwS5RqZw@mail.gmail.com Whole thread Raw
In response to	Re: Information of pg_stat_ssl visible to all users (Michael Paquier <michael.paquier@gmail.com>)
Responses	Re: Information of pg_stat_ssl visible to all users
List	pgsql-hackers

Tree view

On Sun, Aug 30, 2015 at 5:35 AM, Michael Paquier <michael.paquier@gmail.com> wrote:

On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
I know I am coming in late here, but I know Heroku uses random user
names to allow a cluster to have per-user databases without showing
external user name details:
[...]
I can see them having problems with a user being able to see the SSL
remote user names of all connected users.

Yep, and I can imagine that this is the case of any company managing cloud nodes with Postgres embedded, and at least to me that's a real concern.

How is it a concern that a CN field with a random username in it is visible, when showing the actual random username isn't? That's not very consistent...

Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

pgsql-hackers by date:

From: Magnus Hagander
Date: 31 August 2015, 15:04:08
Subject: Re: Information of pg_stat_ssl visible to all users

From: Magnus Hagander
Date: 31 August 2015, 15:14:02
Subject: Re: Commitfest remaining "Needs Review" items

Re: Information of pg_stat_ssl visible to all users - Mailing list pgsql-hackers

Previous

Next