From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | pgsql-hackers(at)lists(dot)postgresql(dot)org,Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>,Don Seiler <don(at)seiler(dot)us>,Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: [PATCH] Include application_name in "connection authorized" log message |
Date: | 2018-09-27 21:59:01 |
Message-ID: | EEB170C3-EED7-402B-9A9F-CCB7AA21DB2D@anarazel.de |
Lists: | pgsql-hackers |
On September 27, 2018 2:55:56 PM PDT, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>Greetings,
>
>* Andres Freund (andres(at)anarazel(dot)de) wrote:
>> On 2018-09-27 17:41:56 -0400, Stephen Frost wrote:
>> > Of course, if I'm missing something as to why the ascii-cleaning makes
>> > sense or is necessary, I'm all ears, but I'm just not seeing it.
>>
>> There's many reasons. For example you can send terminal control
>> characters to the server. When somebody then looks at the log, you can
>> screw with them pretty good, unless they're always careful to go through
>> less (without -r). We should be *more* not *less* careful about this
>> kind of thing.
>
>I seriously doubt we're going to start stripping usernames down to ASCII
>for them to be displayed in the log file.
So? As you say, they are much more under the control of the admins of the server. I guess at some point we should have more expansive whitelisting than just ASCII, but that seems separate.
Andres
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
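
The ascii-cleaning discussed in this message, as an added example that is not part of the original email and is not PostgreSQL's code: a client-supplied application_name has every byte outside printable ASCII replaced with `?` before it is written to a log line. The helper names, the log line layout and the sample input are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Replace every byte outside printable ASCII (32..126) with '?', in place.
 * Returns the number of bytes replaced. Hypothetical helper for this example.
 */
static size_t
clean_ascii_inplace(char *s)
{
    size_t replaced = 0;

    for (unsigned char *p = (unsigned char *) s; *p != '\0'; p++)
    {
        if (*p < 32 || *p > 126)
        {
            *p = '?';           /* ESC, BEL, newlines and non-ASCII all end up here */
            replaced++;
        }
    }
    return replaced;
}

/* Format an illustrative log line, cleaning the client-supplied name first. */
static int
format_authorized_line(char *dst, size_t dstlen, const char *user, const char *appname)
{
    char clean[64];

    snprintf(clean, sizeof(clean), "%s", appname);  /* bounded copy, NUL-terminated */
    clean_ascii_inplace(clean);
    return snprintf(dst, dstlen,
                    "connection authorized: user=%s application_name=%s", user, clean);
}

int
main(void)
{
    /* Constructed input: ESC [ 3 1 m (colour change), BEL, and a UTF-8 e-acute. */
    const char *appname = "psql\x1b[31m\a caf\xc3\xa9";
    char line[256];

    format_authorized_line(line, sizeof(line), "alice", appname);
    puts(line);                 /* no raw ESC or BEL byte reaches the terminal */
    return 0;
}
```

The non-ASCII letter is replaced along with the control bytes, which is the cost of an ASCII-only allowlist that the message refers to when it mentions more expansive whitelisting.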