From: | Jim Mlodgenski <jimmy76(at)gmail(dot)com> |
---|---|
To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
Cc: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Client Messages |
Date: | 2012-01-18 14:19:13 |
Message-ID: | CAB_5SRefrOd4CM8m=snDicCUDU1QAqt2f+3SfT9eV+wPGWS_6A@mail.gmail.com |
Lists: | pgsql-hackers |
On Wed, Jan 18, 2012 at 3:08 AM, Heikki Linnakangas
<heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
> On 18.01.2012 07:49, Fujii Masao wrote:
>>
>> On Fri, Jan 6, 2012 at 1:38 AM, Jim Mlodgenski<jimmy76(at)gmail(dot)com> wrote:
>>>
>>> I have a need to send banner messages to a psql client that I can set
>>> on the server and will be displayed on any psql client that connects
>>> to the database. This would be mostly used as an additional indicator
>>> to which database you are connecting, but could also be used by people
>>> to force their users to see a security message when connecting to the
>>> database. The attached patch will allow you to execute
>>>
>>> ALTER DATABASE postgres SET
>>> client_message=E'********************************************************************************\nBEWARE: You are connecting to a production database. If you do anything to\n bring this server down, you will be destroyed by your supreme overlord.\n********************************************************************************\n';
>>>
>>> And then when you connect to psql, you will see:
>>>
>>> [e3(at)workstation bin]$ ./psql -U user1 postgres
>>> psql (9.2devel)
>>>
>>> ********************************************************************************
>>> BEWARE: You are connecting to a production database. If you do anything to
>>> bring this server down, you will be destroyed by your supreme overlord.
>>>
>>> ********************************************************************************
>>>
>>> Type "help" for help.
>>>
>>> postgres=>
>>>
>>>
>>> Any feedback is welcome.
>>
>>
>> Adding a new GUC parameter only for the purpose of warning psql users
>> seems overkill to me. Basically we try to reduce the number of GUC
>> parameters to make configuration easier for a user, so I don't think that
>> it's a good idea to add a new GUC for such a small benefit.
>
>
> It seems quite useful to me...
>
>
>> Instead, how
>> about using .psqlrc file and writing a warning message in it by using
>> \echo command?
>
>
> That's not the same thing at all. Each client would need to put the warning
> in that file, and you'd get it regardless of the database you connect to.
>
>
>> Anyway, I found one problem in the patch. The patch defines client_message
>> as PGC_USERSET parameter, which means that any psql can falsify a
>> warning message, e.g., by setting the environment variable PGOPTIONS
>> to "-c client_message=hoge". This seems to be something to avoid from
>> a security point of view.
>
>
> I don't think that's a problem, it's just a free-form message to display.
> But it also doesn't seem very useful to have it PGC_USERSET: if it's only
> displayed at connect time, there's no point in changing it after connecting.
Should we make it PGC_BACKEND?
>
> The only security problem that I can think of is a malicious server
> (man-in-the-middle perhaps), that sends a banner that confuses
>
> Docs for PQparameterStatus() need adjustment, now that client_message is
> also one of the settings automatically reported to the client.
I'll add the docs for that.
>
> The placement of the banner in psql looks currently like this:
>
>> $ psql postgres
>>
>> psql (9.2devel)
>> Hello world!
>> Type "help" for help.
>
>
> or
>
>> postgres=# \c postgres
>> Hello world!
>> You are now connected to database "postgres" as user "heikki".
>
>
> Are we happy with that? I think it would be better to print the banner just
> before the prompt:
I like that better. I'll make that change as well.
>
>> psql (9.2devel)
>> Type "help" for help.
>>
>> Hello world!
>>
>> postgres=# \c postgres
>> You are now connected to database "postgres" as user "heikki".
>
>> Hello world!
>> postgres=#
>
> Should we prefix the banner with something that makes it clear that it's a
> message coming from the server? Something like:
I don't think the default prefix adds much for the user. If the
administrator wants to let the user know that it's from the server, he
can add it to the message.
>
>> psql (9.2devel)
>> Type "help" for help.
>>
>> Notice from server: Hello world!
>>
>> postgres=# \c postgres
>> You are now connected to database "postgres" as user "heikki".
>> Notice from server: Hello world!
>> postgres=#
>
> --
> Heikki Linnakangas
> EnterpriseDB http://www.enterprisedb.com
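
The "Notice from server:" prefix proposed above, combined with the concern about a banner sent by a malicious server, as an added example (not part of the thread, the patch, or psql's code): a helper that labels every line of server-supplied text and replaces control bytes, so a banner line cannot pass for psql's own output or drive the terminal. The name `render_banner`, its buffer interface and the sample banner are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BANNER_PREFIX "Notice from server: "

/* Hypothetical helper (not a psql or libpq function): copy a server-supplied
 * banner into out, prefixing every line and replacing control bytes (ESC, CR,
 * backspace, ...) with '?'. Bytes >= 0x80 pass through so UTF-8 text survives.
 * Returns the number of bytes written, or -1 if out is too small. */
int render_banner(const char *banner, char *out, size_t outlen)
{
    const size_t plen = strlen(BANNER_PREFIX);
    size_t n = 0;
    int line_start = 1;

    if (outlen == 0) return -1;
    for (const unsigned char *p = (const unsigned char *) banner; *p; p++) {
        if (line_start) {               /* label each line, not just the first */
            if (n + plen >= outlen) return -1;
            memcpy(out + n, BANNER_PREFIX, plen);
            n += plen;
            line_start = 0;
        }
        if (n + 1 >= outlen) return -1; /* keep room for the NUL terminator */
        if (*p == '\n') {
            out[n++] = '\n';
            line_start = 1;
        } else if ((*p < 0x20 && *p != '\t') || *p == 0x7f) {
            out[n++] = '?';             /* neutralise terminal control bytes */
        } else {
            out[n++] = (char) *p;
        }
    }
    if (n > 0 && out[n - 1] != '\n') {  /* terminate an unterminated last line */
        if (n + 1 >= outlen) return -1;
        out[n++] = '\n';
    }
    out[n] = '\0';
    return (int) n;
}

int main(void)
{
    /* Constructed banner: line 2 imitates psql output, line 3 carries an ESC. */
    char buf[256];
    if (render_banner("Hello world!\nType \"help\" for help.\n\033[2Kbye", buf, sizeof buf) >= 0)
        fputs(buf, stdout);
    return 0;
}
```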