On 7/2/15 3:29 PM, Magnus Hagander wrote: > On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <pete...@gmx.net > <mailto:pete...@gmx.net>> wrote: > > On 6/10/15 2:17 AM, Magnus Hagander wrote: > > AIUI that one was just about the DN field, and not about the rest. If I > > understand you correctly, you are referring to the whole thing, not just > > one field? > > I think at least the DN field shouldn't be visible to unprivileged > users. > > What's the argument for that? I mean, the DN field is the equivalent of > the username, and we show the username in pg_stat_activity already. Are > you envisioning a scenario where there is actually something secret in > the DN?
I think the DN is analogous to the remote user name, which we don't expose for any of the other authentication methods. > Actually, I think the whole view shouldn't be accessible to unprivileged > users, except maybe your own row. > > > I could go for some of the others if we think there's reason, but I > don't understand the dn part? > > I guess there's some consistency in actually blocking exactly everything... I think the default approach for security and authentication related information should be conservative, even if there is not a specific reason. Or to put it another way: What is the motivation for showing this information at all? -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
