On 2015-08-31 14:29:10 +0200, Andres Freund wrote:
> On 2015-08-31 21:17:48 +0900, Michael Paquier wrote:
> > How can you be sure as well that all such deployments would use random
> > CN fields and/or random usernames? We have no guarantee of that as
> > well.
> 
> Sorry, but this is a bit ridiculous.

And this email was incomplete, sorry for that.

The username isn't guaranteed to be randomized. Application name will
very rarely be given it's set by the client. We show all of that
today. To me the fix for all this is to actually improve the situation
(by allowing proper permissions on pg_stat_activity) rather than incur
pain to everyone because of an absolutely marginal improvement in
security.

Greetings,

Andres Freund


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
