Re: Information of pg_stat_ssl visible to all users
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Information of pg_stat_ssl visible to all users |
| Дата | |
| Msg-id | 559BF858.4080403@gmx.net обсуждение исходный текст |
| Ответ на | Re: Information of pg_stat_ssl visible to all users (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: Information of pg_stat_ssl visible to all users
Re: Information of pg_stat_ssl visible to all users |
| Список | pgsql-hackers |
On 7/2/15 3:29 PM, Magnus Hagander wrote: > On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <peter_e@gmx.net > <mailto:peter_e@gmx.net>> wrote: > > On 6/10/15 2:17 AM, Magnus Hagander wrote: > > AIUI that one was just about the DN field, and not about the rest. If I > > understand you correctly, you are referring to the whole thing, not just > > one field? > > I think at least the DN field shouldn't be visible to unprivileged > users. > > What's the argument for that? I mean, the DN field is the equivalent of > the username, and we show the username in pg_stat_activity already. Are > you envisioning a scenario where there is actually something secret in > the DN? I think the DN is analogous to the remote user name, which we don't expose for any of the other authentication methods. > Actually, I think the whole view shouldn't be accessible to unprivileged > users, except maybe your own row. > > > I could go for some of the others if we think there's reason, but I > don't understand the dn part? > > I guess there's some consistency in actually blocking exactly everything... I think the default approach for security and authentication related information should be conservative, even if there is not a specific reason. Or to put it another way: What is the motivation for showing this information at all?
В списке pgsql-hackers по дате отправления: