Re: Information of pg_stat_ssl visible to all users

Magnus Hagander wrote:
> On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <peter_e@gmx.net> wrote:

> > Actually, I think the whole view shouldn't be accessible to unprivileged
> > users, except maybe your own row.
> >
> I could go for some of the others if we think there's reason, but I don't
> understand the dn part?
> 
> I guess there's some consistency in actually blocking exactly everything...

One case that I remember popping up every so often was "I don't want
people to know what other customers I have in the same database
cluster".  We leak these details all over the place (catalogs that can
be queried directly, as well as pg_stat_activity itself, etc), so just
changing the new view would accomplish nothing.  If there's interest in
closing these holes, this might be a first step.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services