On Fri, Jan 21, 2011 at 10:14 AM, Magnus Hagander <mag...@hagander.net> wrote: > On Fri, Jan 21, 2011 at 15:51, Tom Lane <t...@sss.pgh.pa.us> wrote: >> Magnus Hagander <mag...@hagander.net> writes: >>> I came across a case this week where I wanted to be able to determine >>> more detailed auth information on already logged in sessions - not >>> from the client, but from the server. In this specific case, I wanted >>> to examine the "is ssl" flag on the connection. But I can see other >>> things being interesting, such as which user is on the other end (when >>> pg_ident is in use), more detailed SSL information, full kerberos >>> principal when kerberos in use etc. >> >>> I doubt this is common enough to want to stick it in pg_stat_activity >>> though, but what do people think? And if not there, as a separate view >>> or just as a function to call (e.g. >>> pg_get_detailed_authinfo(<backendpid>)) >> >> By and large, it's been thought to be a possible security hole to expose >> such information, except possibly in the postmaster log. I'm certainly >> *not* in favor of creating a view for it. > > Well, it would obviously be superuser only.
What if the user's password is in their connection string? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
