| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Lou Picciano <LouPicciano(at)comcast(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_stat_ssl additions |
| Date: | 2018-11-29 13:49:02 |
| Message-ID: | d80f6c25-643f-a9b8-787e-3b05e2c13911@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 29/11/2018 01:27, Lou Picciano wrote:
> Further, I’m not sure exposing details about Cert Issuer, etc. to
> non-privileged users is much of an issue. For the most part, in most use
> cases, ‘users’ should//would/ want to know what entity is the issuer. If
> we’re talking about client certs, most of this is readily readable
> anyway, no?
The debate is whether an unprivileged user should be able to read the
SSL information of *other* users' connections.
My opinion is no.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitry Dolgov | 2018-11-29 14:01:55 | Re: [HACKERS] SERIALIZABLE on standby servers |
| Previous Message | Dmitry Dolgov | 2018-11-29 13:45:42 | Re: [HACKERS] proposal - Default namespaces for XPath expressions (PostgreSQL 11) |