Re: Information of pg_stat_ssl visible to all users
From | Bruce Momjian |
---|---|
Subject | Re: Information of pg_stat_ssl visible to all users |
Date | |
Msg-id | 20150829202712.GD28360@momjian.us |
In response to | Re: Information of pg_stat_ssl visible to all users (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses |
Re: Information of pg_stat_ssl visible to all users
Re: Information of pg_stat_ssl visible to all users |
List | pgsql-hackers |

On Tue, Jul 7, 2015 at 12:57:58PM -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > On 2015-07-07 12:03:36 -0400, Peter Eisentraut wrote:
> >> I think the DN is analogous to the remote user name, which we don't
> >> expose for any of the other authentication methods.
>
> > Huh?
>
> Peter's exactly right: there is no other case where you can tell what
> some other connection's actual OS username is. You might *guess* that
> it's the same as their database username, but you don't know that,
> assuming you don't know how they authenticated.
>
> I'm not sure how security-critical this info really is, though.

I know I am coming in late here, but I know Heroku uses random user
names to allow a cluster to have per-user databases without showing
external user name details:

    => \du
                                   List of roles
       Role name    |                   Attributes                   | Member of
    ----------------+------------------------------------------------+-----------
     aafgrwewediiqz | 20 connections                                 | {}
     aaszwkfnholarh | 20 connections                                 | {}
     aatbelxbaeriwy | 20 connections                                 | {}
     aaxiwolkcxmbxo | 20 connections                                 | {}
     abbyljzgqaonjb | 20 connections                                 | {}

I can see them having problems with a user being able to see the SSL
remote user names of all connected users.

--
  Bruce Momjian <bruce@momjian.us> http://momjian.us
  EnterpriseDB http://enterprisedb.com

  + Everyone has their own god. +