First of all, I apologize for submitting a patch and missing the commitfest deadline. Given the size of the patch, I thought I'd submit it for your consideration regardless.
This patch prevents non-superusers from viewing other user's pg_stat_activity.application_name. This topic was discussed some time ago  and consequently application_name was made world readable . I would like to propose that we hide it instead by reverting to the original behavior. There is a very large number of databases on the same cluster shared across different users who can easily view each other's application_name values. Along with that, there are some libraries that default application_name to the name of the running process , which can leak information about what web servers applications are running, queue systems, etc. Furthermore leaking application names in a multi-tenant environment is more information than an attacker should have access to on services like Heroku and other similar providers. Thanks and regards, -Harold Giménez  http://www.postgresql.org/message-id/14808.1259452...@sss.pgh.pa.us  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0c61cff57a1dc7685fcac9f09451b261f14cb711  https://bitbucket.org/ged/ruby-pg/src/6c2444dc63e17eb695363993e8887cc5d67750bc/lib/pg/connection.rb?at=default#cl-44
Description: Binary data
-- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers