Re: Information of pg_stat_ssl visible to all users

On Mon, Aug 31, 2015 at 9:04 PM, Magnus Hagander <magnus@hagander.net> wrote:
>
>
> On Sun, Aug 30, 2015 at 5:35 AM, Michael Paquier <michael.paquier@gmail.com>
> wrote:
>>
>>
>>
>> On Sun, Aug 30, 2015 at 5:27 AM, Bruce Momjian wrote:
>>>
>>> I know I am coming in late here, but I know Heroku uses random user
>>> names to allow a cluster to have per-user databases without showing
>>> external user name details:
>>> [...]
>>> I can see them having problems with a user being able to see the SSL
>>> remote user names of all connected users.
>>
>>
>> Yep, and I can imagine that this is the case of any company managing cloud
>> nodes with Postgres embedded, and at least to me that's a real concern.
>
>
>
> How is it a concern that  a CN field with a random username in it is
> visible, when showing the actual random username isn't? That's not very
> consistent...

How can you be sure as well that all such deployments would use random
CN fields and/or random usernames? We have no guarantee of that as
well.
-- 
Michael