Re: More detailed auth info
| От | Magnus Hagander |
|---|---|
| Тема | Re: More detailed auth info |
| Дата | |
| Msg-id | AANLkTimTNWsrWtu9MEVHdM0XJt7viWMRv1jA3ow5gm9+@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: More detailed auth info (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: More detailed auth info
|
| Список | pgsql-hackers |
On Fri, Jan 21, 2011 at 15:51, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Magnus Hagander <magnus@hagander.net> writes: >> I came across a case this week where I wanted to be able to determine >> more detailed auth information on already logged in sessions - not >> from the client, but from the server. In this specific case, I wanted >> to examine the "is ssl" flag on the connection. But I can see other >> things being interesting, such as which user is on the other end (when >> pg_ident is in use), more detailed SSL information, full kerberos >> principal when kerberos in use etc. > >> I doubt this is common enough to want to stick it in pg_stat_activity >> though, but what do people think? And if not there, as a separate view >> or just as a function to call (e.g. >> pg_get_detailed_authinfo(<backendpid>)) > > By and large, it's been thought to be a possible security hole to expose > such information, except possibly in the postmaster log. I'm certainly > *not* in favor of creating a view for it. Well, it would obviously be superuser only. Would you object to a function as well? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
В списке pgsql-hackers по дате отправления: