On 18.01.2012 07:49, Fujii Masao wrote:
On Fri, Jan 6, 2012 at 1:38 AM, Jim Mlodgenski<jimm...@gmail.com> wrote:
I have a need to send banner messages to a psql client that I can set
on the server and will be displayed on any psql client that connects
to the database. This would be mostly used as an additional indicator
to which database you are connecting, but could also be used by people
to force their users to see an security message when connecting to the
database. The attached patch will allow you to execute
ALTER DATABASE postgres SET
client_message=E'********************************************************************************\nBEWARE:
You are connecting to a production database. If you do anything to\n
bring this server down, you will be destroyed by your supreme
overlord.\n********************************************************************************\n';
And then when you connect to psql, you will see:
[e3@workstation bin]$ ./psql -U user1 postgres
psql (9.2devel)
********************************************************************************
BEWARE: You are connecting to a production database. If you do anything to
bring this server down, you will be destroyed by your supreme overlord.
********************************************************************************
Type "help" for help.
postgres=>
Any feedback is welcome.
Adding new GUC parameter only for the purpose of warning psql users
seems overkill to me. Basically we try to reduce the number of GUC
parameters to make a configuration easier to a user, so I don't think that
it's good idea to add new GUC for such a small benefit.
It seems quite useful to me...
Instead, how
about using .psqlrc file and writing a warning message in it by using
\echo command?
That's not the same thing at all. Each client would need to put the
warning in that file, and you'd get it regardless of the database you
connect to.
Anyway, I found one problem in the patch. The patch defines client_message
as PGC_USERSET parameter, which means that any psql can falsify a
warning message, e.g., by setting the environment variable PGOPTIONS
to "-c client_message=hoge". This seems to be something to avoid from
security point of view.
I don't think that's a problem, it's just a free-form message to
display. But it also doesn't seem very useful to have it PGC_USERSET: if
it's only displayed at connect time, there's no point in changing it
after connecting.
The only security problem that I can think of is a malicious server
(man-in-the-middle perhaps), that sends a banner that confuses
Docs for PQparameterStatus() needs adjustment, now that client_message
is also one of the settings automatically reported to the client.
The placement of the banner in psql looks currently like this:
> $ psql postgres
psql (9.2devel)
Hello world!
Type "help" for help.
or
postgres=# \c postgres
Hello world!
You are now connected to database "postgres" as user "heikki".
Are we happy with that? I think it would be better to print the banner
just before the prompt:
psql (9.2devel)
Type "help" for help.
Hello world!
postgres=# \c postgres
You are now connected to database "postgres" as user "heikki".
> Hello world!
> postgres=#
Should we prefix the banner with something that makes it clear that it's
a message coming from the server? Something like:
> psql (9.2devel)
> Type "help" for help.
>
> Notice from server: Hello world!
>
> postgres=# \c postgres
> You are now connected to database "postgres" as user "heikki".
> Notice from server: Hello world!
> postgres=#
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
