| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Information of pg_stat_ssl visible to all users |
| Date: | 2015-07-02 19:29:05 |
| Message-ID: | CABUevEyomTz4fuDy2QCu8JW9=43Dcy_Fsg4Umjf8jQOK-c4bsA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On 6/10/15 2:17 AM, Magnus Hagander wrote:
> > AIUI that one was just about the DN field, and not about the rest. If I
> > understand you correctly, you are referring to the whole thing, not just
> > one field?
>
> I think at least the DN field shouldn't be visible to unprivileged users.
>
What's the argument for that? I mean, the DN field is the equivalent of the
username, and we show the username in pg_stat_activity already. Are you
envisioning a scenario where there is actually something secret in the DN?
>
> Actually, I think the whole view shouldn't be accessible to unprivileged
> users, except maybe your own row.
>
>
I could go for some of the others if we think there's reason, but I don't
understand the dn part?
I guess there's some consistency in actually blocking exactly everything...
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2015-07-02 19:36:11 | Re: Improve testing notes? |
| Previous Message | Josh Berkus | 2015-07-02 18:52:49 | Improve testing notes? |