Re: More detailed auth info
| От | Tom Lane |
|---|---|
| Тема | Re: More detailed auth info |
| Дата | |
| Msg-id | 9339.1295621486@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | More detailed auth info (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: More detailed auth info
|
| Список | pgsql-hackers |
Magnus Hagander <magnus@hagander.net> writes:
> I came across a case this week where I wanted to be able to determine
> more detailed auth information on already logged in sessions - not
> from the client, but from the server. In this specific case, I wanted
> to examine the "is ssl" flag on the connection. But I can see other
> things being interesting, such as which user is on the other end (when
> pg_ident is in use), more detailed SSL information, full kerberos
> principal when kerberos in use etc.
> I doubt this is common enough to want to stick it in pg_stat_activity
> though, but what do people think? And if not there, as a separate view
> or just as a function to call (e.g.
> pg_get_detailed_authinfo(<backendpid>))
By and large, it's been thought to be a possible security hole to expose
such information, except possibly in the postmaster log. I'm certainly
*not* in favor of creating a view for it.
regards, tom lane
В списке pgsql-hackers по дате отправления: