Re: More detailed auth info
| От | Robert Haas |
|---|---|
| Тема | Re: More detailed auth info |
| Дата | |
| Msg-id | AANLkTinVn=sV_g-N-=_ZT3NnTGdBxFBCxm6whxT6UatO@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: More detailed auth info (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: More detailed auth info
|
| Список | pgsql-hackers |
On Fri, Jan 21, 2011 at 10:14 AM, Magnus Hagander <magnus@hagander.net> wrote: > On Fri, Jan 21, 2011 at 15:51, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> Magnus Hagander <magnus@hagander.net> writes: >>> I came across a case this week where I wanted to be able to determine >>> more detailed auth information on already logged in sessions - not >>> from the client, but from the server. In this specific case, I wanted >>> to examine the "is ssl" flag on the connection. But I can see other >>> things being interesting, such as which user is on the other end (when >>> pg_ident is in use), more detailed SSL information, full kerberos >>> principal when kerberos in use etc. >> >>> I doubt this is common enough to want to stick it in pg_stat_activity >>> though, but what do people think? And if not there, as a separate view >>> or just as a function to call (e.g. >>> pg_get_detailed_authinfo(<backendpid>)) >> >> By and large, it's been thought to be a possible security hole to expose >> such information, except possibly in the postmaster log. I'm certainly >> *not* in favor of creating a view for it. > > Well, it would obviously be superuser only. What if the user's password is in their connection string? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: