| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Application name patch - v4 |
| Date: | 2009-11-29 17:22:31 |
| Message-ID: | 16638.1259515351@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

Dave Page <dpage(at)pgadmin(dot)org> writes:
> On Sat, Nov 28, 2009 at 11:47 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> 1. The patch prevents non-superusers from seeing other users'
>> application names in pg_stat_activity. This seems at best pretty
>> debatable to me. Yes, it supports usages in which you want to put
>> security-sensitive information into the appname, but at the cost of
>> disabling (perfectly reasonable) usages where you don't. If we made
>> the app name universally visible, people simply wouldn't put security
>> sensitive info in it, the same as they don't put it on the command line.
>> Should we change this?

> Uh, yeah, I guess. That wasn't a conscious decision, more a copy n
> paste inherited 'feature'.

OK. Everybody seems to agree it should not be hidden, so I'll go change
that.

>> 2. I am wondering if we should mark application_name as
>> GUC_NO_RESET_ALL.

> I think we should use GUC_NO_RESET_ALL.

I agree with you, but it seems we have at least as many votes to not do
that. Any other votes out there?

regards, tom lane