Re: Information of pg_stat_ssl visible to all users

From Andres Freund
Subject Re: Information of pg_stat_ssl visible to all users
Date
Msg-id 20150831123116.GT31526@awork2.anarazel.de
In response to Re: Information of pg_stat_ssl visible to all users  (Andres Freund <andres@anarazel.de>)
List pgsql-hackers
On 2015-08-31 14:29:10 +0200, Andres Freund wrote:
> On 2015-08-31 21:17:48 +0900, Michael Paquier wrote:
> > How can you be sure as well that all such deployments would use random
> > CN fields and/or random usernames? We have no guarantee of that as
> > well.
> 
> Sorry, but this is a bit ridiculous.

And this email was incomplete, sorry for that.

The username isn't guaranteed to be randomized. Application name will
very rarely be given it's set by the client. We show all of that
today. To me the fix for all this is to actually improve the situation
(by allowing proper permissions on pg_stat_activity) rather than incur
pain to everyone because of an absolutely marginal improvement in
security.

Greetings,

Andres Freund


