On Sat, Nov 28, 2009 at 7:27 PM, Joshua Tolley <eggyk...@gmail.com> wrote:
> On Sat, Nov 28, 2009 at 06:47:49PM -0500, Tom Lane wrote:
>> Dave Page <dp...@pgadmin.org> writes:
>> > Updated application name patch, including a GUC assign hook to clean
>> > the application name of any unsafe characters, per discussion.
>>
>> Applied with assorted editorialization. There were a couple of
>> definitional issues that I don't recall if we had consensus on:
>>
>> 1. The patch prevents non-superusers from seeing other users'
>> application names in pg_stat_activity. This seems at best pretty
>> debatable to me. Yes, it supports usages in which you want to put
>> security-sensitive information into the appname, but at the cost of
>> disabling (perfectly reasonable) usages where you don't. If we made
>> the app name universally visible, people simply wouldn't put security
>> sensitive info in it, the same as they don't put it on the command line.
>> Should we change this?
>>
>> (While I'm looking at it, I wonder why client_addr and client_port
>> are similarly hidden.)
>
> I vote for showing it to everyone, superuser or otherwise, though I can't
> really say why I feel that way.

+1.

>> 2. I am wondering if we should mark application_name as
>> GUC_NO_RESET_ALL. As-is, the value sent at libpq initialization
>> will be lost during RESET ALL, which would probably surprise people.
>> On the other hand, not resetting it might surprise other people.
>> If we were able to send it in the startup packet then this wouldn't
>> be a problem, but we are far from being able to do that.
>
> Nothing I've written uses RESET ALL, but if it did, I expect it would be
> because whatever the connection was being used for in the past differs
> substantially from whatever I plan to use it for in the future, which seems a
> suitable time also to change application_name. I vote against
> GUC_NO_RESET_ALL.

+1 to this, too.

...Robert

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers