Re: proposal: hide application_name from other users

On Tue, Jan 21, 2014 at 04:06:46PM -0800, Harold Giménez wrote:
> I don't know of a client where it can't be overridden. The friction
> occurs when by default it sets it to something useful to a developer
> (useful eg: to find what process is holding a lock), but is not
> possible to conceal from other users on the same cluster. If this were
> an in-premise or private cluster the point is moot.
> 
> Furthermore consider when even using application_name for it's
> original intended use. On a shared environment as I'm describing here,
> that makes it possible for an attacker to identify what apps connect
> to a given server, or on the other hand is a way to find out where a
> given application stores its data, which can be used for a more
> targeted attack.

So security through obscurity?  Why wouldn't the attacker just try all
the app methods at once and not even bother looking at the application
name?

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + Everyone has their own god. +