On Fri, Jan 21, 2011 at 15:51, Tom Lane <t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> I came across a case this week where I wanted to be able to determine >> more detailed auth information on already logged in sessions - not >> from the client, but from the server. In this specific case, I wanted >> to examine the "is ssl" flag on the connection. But I can see other >> things being interesting, such as which user is on the other end (when >> pg_ident is in use), more detailed SSL information, full kerberos >> principal when kerberos in use etc. > >> I doubt this is common enough to want to stick it in pg_stat_activity >> though, but what do people think? And if not there, as a separate view >> or just as a function to call (e.g. >> pg_get_detailed_authinfo(<backendpid>)) > > By and large, it's been thought to be a possible security hole to expose > such information, except possibly in the postmaster log. I'm certainly > *not* in favor of creating a view for it.
Well, it would obviously be superuser only. Would you object to a function as well? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
