| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: More detailed auth info |
| Date: | 2011-01-21 14:51:26 |
| Message-ID: | 9339.1295621486@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> I came across a case this week where I wanted to be able to determine
> more detailed auth information on already logged in sessions - not
> from the client, but from the server. In this specific case, I wanted
> to examine the "is ssl" flag on the connection. But I can see other
> things being interesting, such as which user is on the other end (when
> pg_ident is in use), more detailed SSL information, full kerberos
> principal when kerberos in use etc.
> I doubt this is common enough to want to stick it in pg_stat_activity
> though, but what do people think? And if not there, as a separate view
> or just as a function to call (e.g.
> pg_get_detailed_authinfo(<backendpid>))
By and large, it's been thought to be a possible security hole to expose
such information, except possibly in the postmaster log. I'm certainly
*not* in favor of creating a view for it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-01-21 14:55:48 | Re: sepgsql contrib module |
| Previous Message | Kevin Grittner | 2011-01-21 14:43:27 | Re: SSI and Hot Standby |