First of all, I apologize for submitting a patch and missing the commitfest deadline. Given the size of the patch, I thought I'd submit it for your consideration regardless.
This patch prevents non-superusers from viewing other users' pg_stat_activity.application_name. This topic was discussed some time ago [1] and consequently application_name was made world readable [2].

I would like to propose that we hide it instead by reverting to the original behavior. There is a very large number of databases on the same cluster shared across different users who can easily view each other's application_name values. Along with that, there are some libraries that default application_name to the name of the running process [3], which can leak information about what web servers applications are running, queue systems, etc. Furthermore, leaking application names in a multi-tenant environment is more information than an attacker should have access to on services like Heroku and other similar providers.

Thanks and regards,
-Harold Giménez

[1] http://www.postgresql.org/message-id/14808.1259452...@sss.pgh.pa.us
[2] http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0c61cff57a1dc7685fcac9f09451b261f14cb711
[3] https://bitbucket.org/ged/ruby-pg/src/6c2444dc63e17eb695363993e8887cc5d67750bc/lib/pg/connection.rb?at=default#cl-44

hide_application_name_v1.patch