| From: | "Imseih (AWS), Sami" <simseih(at)amazon(dot)com> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Peter Eisentraut <peter(at)eisentraut(dot)org> |
| Cc: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Jim Jones <jim(dot)jones(at)uni-muenster(dot)de>, Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, "Erik Wienhold" <ewie(at)ewie(dot)name>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Psql meta-command conninfo+ |
| Date: | 2024-04-04 19:20:41 |
| Message-ID: | 21B5F7D1-5E15-47AF-B5D9-CB8A2F9BF97F@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> The point about application_name is a valid one. I guess it's there
> because it's commonly given from the client side rather than being set
>server-side, even though it's still a GUC. Arguably we could remove it
> from \conninfo+, and claim that nothing that shows up in \dconfig should
> also appear in \conninfo+. Then users should get in the habit of using
> both to obtain a full picture. This sounds to me a very good compromise
> actually.
Perhaps another reason to remove "application_name" is because the
value can be modified after the connection is established. If that is also
another good reason, the same can be said about "Current User"
and "Session User" as those could be modified with SET commands.
This way conninfo could be only for attributes that will not change
during the lifetime of the connection.
Also, I just realized that pg_stat_ssl and pg_stat_gssapi will both return 0
rows if there is a set role/set session authorization, this means \conninfo+
will return empty.
postgres=> select current_user;
current_user
--------------
user1
(1 row)
postgres=> select * from pg_stat_ssl ;
pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn
-------+-----+---------+-----------------------------+------+-----------+---------------+-----------
27223 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | | |
(1 row)
postgres=> set role = user2;
SET
postgres=> select * from pg_stat_ssl ;
pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn
-----+-----+---------+--------+------+-----------+---------------+-----------
(0 rows)
postgres=> select current_user;
current_user
--------------
user2
(1 row)
postgres=> reset role;
RESET
postgres=> select current_user;
current_user
--------------
user1
(1 row)
postgres=> select * from pg_stat_ssl ;
pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn
-------+-----+---------+-----------------------------+------+-----------+---------------+-----------
27223 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | | |
(1 row)
Regards,
Sami
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2024-04-04 19:27:32 | Re: Reports on obsolete Postgres versions |
| Previous Message | Alexander Korotkov | 2024-04-04 19:17:45 | Re: Add SPLIT PARTITION/MERGE PARTITIONS commands |