Re: Application name patch - v4

On Sat, Nov 28, 2009 at 7:27 PM, Joshua Tolley <eggyknap(at)gmail(dot)com> wrote:
> On Sat, Nov 28, 2009 at 06:47:49PM -0500, Tom Lane wrote:
>> Dave Page <dpage(at)pgadmin(dot)org> writes:
>> > Updated application name patch, including a GUC assign hook to clean
>> > the application name of any unsafe characters, per discussion.
>>
>> Applied with assorted editorialization.  There were a couple of
>> definitional issues that I don't recall if we had consensus on:
>>
>> 1. The patch prevents non-superusers from seeing other users'
>> application names in pg_stat_activity.  This seems at best pretty
>> debatable to me.  Yes, it supports usages in which you want to put
>> security-sensitive information into the appname, but at the cost of
>> disabling (perfectly reasonable) usages where you don't.  If we made
>> the app name universally visible, people simply wouldn't put security
>> sensitive info in it, the same as they don't put it on the command line.
>> Should we change this?
>>
>> (While I'm looking at it, I wonder why client_addr and client_port
>> are similarly hidden.)
>
> I vote for showing it to everyone, superuser or otherwise, though I can't
> really say why I feel that way.

+1.

>> 2. I am wondering if we should mark application_name as
>> GUC_NO_RESET_ALL.  As-is, the value sent at libpq initialization
>> will be lost during RESET ALL, which would probably surprise people.
>> On the other hand, not resetting it might surprise other people.
>> If we were able to send it in the startup packet then this wouldn't
>> be a problem, but we are far from being able to do that.
>
> Nothing I've written uses RESET ALL, but if it did, I expect it would be
> because whatever the connection was being used for in the past differs
> substantially from whatever I plan to use it for in the future, which seems a
> suitable time also to change application_name. I vote against
> GUC_NO_RESET_ALL.

+1 to this, too.

...Robert