Re: Information of pg_stat_ssl visible to all users
| От | Magnus Hagander |
|---|---|
| Тема | Re: Information of pg_stat_ssl visible to all users |
| Дата | |
| Msg-id | CABUevEyomTz4fuDy2QCu8JW9=43Dcy_Fsg4Umjf8jQOK-c4bsA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Information of pg_stat_ssl visible to all users (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: Information of pg_stat_ssl visible to all users
Re: Information of pg_stat_ssl visible to all users |
| Список | pgsql-hackers |
On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
On 6/10/15 2:17 AM, Magnus Hagander wrote:
> AIUI that one was just about the DN field, and not about the rest. If I
> understand you correctly, you are referring to the whole thing, not just
> one field?
I think at least the DN field shouldn't be visible to unprivileged users.
What's the argument for that? I mean, the DN field is the equivalent of the username, and we show the username in pg_stat_activity already. Are you envisioning a scenario where there is actually something secret in the DN?
Actually, I think the whole view shouldn't be accessible to unprivileged
users, except maybe your own row.
I could go for some of the others if we think there's reason, but I don't understand the dn part?
I guess there's some consistency in actually blocking exactly everything...
--
В списке pgsql-hackers по дате отправления: