Application name patch - v2
in [PgSql]
|
Prev: Hot standby status
Next: per table random-page-cost?
From: Peter Eisentraut on 19 Oct 2009 03:37 On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote: > I think that covers all the suggestions discussed over the last couple > of days, with the exception of the rejection of \n and similar > characters which I'm still not entirely convinced is worth the effort. > Any other opinions on that? Anything else that should be > added/changed? So this would effectively allow any minimally authorized user to write whatever they want into the log file whenever they want? Doesn't sound very safe to me. -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Dave Page on 19 Oct 2009 03:47 On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <peter_e(a)gmx.net> wrote: > On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote: >> I think that covers all the suggestions discussed over the last couple >> of days, with the exception of the rejection of \n and similar >> characters which I'm still not entirely convinced is worth the effort. >> Any other opinions on that? Anything else that should be >> added/changed? > > So this would effectively allow any minimally authorized user to write > whatever they want into the log file whenever they want? Doesn't sound > very safe to me. A user can do that anyway if query logging is turned on, but anyway, what would you suggest - accept a-zA-Z0-9 and a few other choice characters only, or just reject a handful (and if so, what)? -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Pavel Stehule on 19 Oct 2009 03:54 2009/10/19 Dave Page <dpage(a)pgadmin.org>: > On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <peter_e(a)gmx.net> wrote: >> On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote: >>> I think that covers all the suggestions discussed over the last couple >>> of days, with the exception of the rejection of \n and similar >>> characters which I'm still not entirely convinced is worth the effort. >>> Any other opinions on that? Anything else that should be >>> added/changed? >> >> So this would effectively allow any minimally authorized user to write >> whatever they want into the log file whenever they want? Â Doesn't sound >> very safe to me. > > A user can do that anyway if query logging is turned on, but anyway, > what would you suggest - accept a-zA-Z0-9 and a few other choice > characters only, or just reject a handful (and if so, what)? I dislike write access to app name guc for user too. It's not safe. Maybe only super user can do it? Regards Pavel Stehule > > > -- > Dave Page > EnterpriseDB UK: Â http://www.enterprisedb.com > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Dave Page on 19 Oct 2009 04:08 On Mon, Oct 19, 2009 at 8:54 AM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote: > I dislike write access to app name guc for user too. It's not safe. > Maybe only super user can do it? That'll render it pretty useless, as most applications wouldn't then be able to set/reset it when it makes sense to do so. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Heikki Linnakangas on 19 Oct 2009 04:10
Pavel Stehule wrote: > 2009/10/19 Dave Page <dpage(a)pgadmin.org>: >> On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <peter_e(a)gmx.net> wrote: >>> So this would effectively allow any minimally authorized user to write >>> whatever they want into the log file whenever they want? Doesn't sound >>> very safe to me. >> A user can do that anyway if query logging is turned on, but anyway, >> what would you suggest - accept a-zA-Z0-9 and a few other choice >> characters only, or just reject a handful (and if so, what)? > > I dislike write access to app name guc for user too. It's not safe. > Maybe only super user can do it? The application name is provided by the client. In the server, we have no control over what the client put there. We can limit it to certain characters, but other than that we just have to take it at face value. Or are you saying that it should not be possible for the client to change the value after connecting? That limits the usefulness with connection pools. -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers |