Re: Proposal: Save user's original authenticated identity for logging

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Proposal: Save user's original authenticated identity for logging
Date: 2021-01-29 23:40:34
Message-ID: 2832058.1611963634@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Jacob Champion <pchampion(at)vmware(dot)com> writes:
> On Fri, 2021-01-29 at 17:30 -0500, Tom Lane wrote:
>> What happens if ALTER USER RENAME is done while the session is still
>> alive?

> IMO the authenticated identity should be write-once. Especially since
> one of my goals is to have greater auditability into events as they've
> actually happened. So ALTER USER RENAME should have no effect.

> This also doesn't really affect third-party auth methods. If I'm bound
> as pchampion(at)EXAMPLE(dot)COM and a superuser changes my username to tlane,
> you _definitely_ don't want to see my authenticated identity change to
> tlane(at)EXAMPLE(dot)COM(dot) That's not who I am.

Ah. So basically, this comes into play when you consider that some
outside-the-database entity is your "real" authenticated identity.
That seems reasonable when using Kerberos or the like, though it's
not real meaningful for traditional password-type authentication.
I'd misunderstood your point before.

So, if we store this "real" identity, is there any security issue
involved in exposing it to other users (via pg_stat_activity or
whatever)?

I remain concerned about the cost and inconvenience of exposing
it via log_line_prefix, but at least that shouldn't be visible
to anyone who's not entitled to know who's logged in ...

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Geoghegan 2021-01-29 23:45:27 Re: Should we make Bitmapsets a kind of Node?
Previous Message Jacob Champion 2021-01-29 23:33:02 Re: Proposal: Save user's original authenticated identity for logging