On Mon, 2009-10-19 at 08:47 +0100, Dave Page wrote: > On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <pete...@gmx.net> wrote: > > On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote: > >> I think that covers all the suggestions discussed over the last couple > >> of days, with the exception of the rejection of \n and similar > >> characters which I'm still not entirely convinced is worth the effort. > >> Any other opinions on that? Anything else that should be > >> added/changed? > > > > So this would effectively allow any minimally authorized user to write > > whatever they want into the log file whenever they want? Doesn't sound > > very safe to me. > > A user can do that anyway if query logging is turned on, but anyway, > what would you suggest - accept a-zA-Z0-9 and a few other choice > characters only, or just reject a handful (and if so, what)?
Well, either you make the thing wide open and thus pretty insecure and unreliable, or you put in arbitrary limits which will possibly upset many users, or you design some fairly complex rules about what is allowed or not in what context. At which point you might realize that you can pretty much do all of this already in a much better way: Create a user account for each application or group of applications and assign them the roles that you are currently using as login users. The user names already show up in all the places that people want: ps, log, activity tables. And moreover, the admin can control exactly who is allowed to use what user name in what context, so there is no log spamming or confusing one's identity. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers