Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-07-12 Thread Chapman Flack
On 07/12/17 08:38, Robert Haas wrote: > another protocol message. I feel like the usefulness of this for > connection pooling software is pretty obvious: it's a lot easier for > the pooler to disallow a certain protocol message than a certain SQL > command. I assume you mean easier than

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-07-12 Thread David Fetter
On Wed, Jul 12, 2017 at 07:38:56AM -0500, Robert Haas wrote: > On Tue, May 9, 2017 at 9:43 PM, Chapman Flack wrote: > > That's where the appident.cookie() function comes in. You just > > query it once at session establishment and remember the cookie. > > That allows your

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-07-12 Thread Robert Haas
On Tue, May 9, 2017 at 9:43 PM, Chapman Flack wrote: > That's where the appident.cookie() function comes in. You just > query it once at session establishment and remember the cookie. > That allows your code to say: > > SET SESSION ON BEHALF OF 'joe user' BECAUSE I HAVE

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-10 Thread Chapman Flack
On 05/10/2017 03:56 AM, Craig Ringer wrote: > On 10 May 2017 10:44 am, "Chapman Flack" wrote: >> On 05/09/17 18:48, Mark Dilger wrote: >>> SET SESSION ON BEHALF OF 'joe user' > > No need to do anything they custom and specific. No need for new syntax > either. > SET

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-10 Thread Craig Ringer
On 10 May 2017 10:44 am, "Chapman Flack" wrote: On 05/09/17 18:48, Mark Dilger wrote: > I don't have any positive expectation that the postgres community will go > along with any of this, but just from my point of view, the cleaner way to > do what you are proposing is

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread Chapman Flack
On 05/09/17 18:48, Mark Dilger wrote: > I don't have any positive expectation that the postgres community will go > along with any of this, but just from my point of view, the cleaner way to > do what you are proposing is something like setting a session variable. > > In your middle tier java

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread Mark Dilger
> On May 9, 2017, at 3:14 PM, Chapman Flack wrote: > > On 05/09/2017 01:25 PM, Mark Dilger wrote: > >> Consensus, no, but utility, yes. >> >> In three tier architectures there is a general problem that the database >> role used by the middle tier to connect to the

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread Chapman Flack
On 05/09/2017 01:25 PM, Mark Dilger wrote: > Consensus, no, but utility, yes. > > In three tier architectures there is a general problem that the database > role used by the middle tier to connect to the database does not entail > information about the user who, such as a visitor to your

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread Tom Lane
David Fetter writes: > On Tue, May 09, 2017 at 12:48:01PM -0400, Tom Lane wrote: >> I don't think that's a problem: while psql will remove "--" and everything >> following it until newline, it won't remove the newline. So there's still >> a token boundary there. > We may still

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread David Fetter
On Tue, May 09, 2017 at 12:48:01PM -0400, Tom Lane wrote: > David Fetter writes: > > On Fri, May 05, 2017 at 02:20:26PM -0400, Robert Haas wrote: > >> On Thu, May 4, 2017 at 10:59 AM, Chapman Flack > >> wrote: > >>> invalid input syntax for integer: "21'

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread Mark Dilger
> On May 9, 2017, at 9:48 AM, Tom Lane wrote: > > David Fetter writes: >> On Fri, May 05, 2017 at 02:20:26PM -0400, Robert Haas wrote: >>> On Thu, May 4, 2017 at 10:59 AM, Chapman Flack >>> wrote: invalid input syntax for

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread Tom Lane
David Fetter writes: > On Fri, May 05, 2017 at 02:20:26PM -0400, Robert Haas wrote: >> On Thu, May 4, 2017 at 10:59 AM, Chapman Flack wrote: >>> invalid input syntax for integer: "21' && 1=2)) Uni/**/ON >>> SEl/**/eCT

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-09 Thread David Fetter
On Fri, May 05, 2017 at 02:20:26PM -0400, Robert Haas wrote: > On Thu, May 4, 2017 at 10:59 AM, Chapman Flack wrote: > > invalid input syntax for integer: "21' && 1=2)) Uni/**/ON > > SEl/**/eCT 0x646665743166657274,0x646665743266657274, > > 0x646665743366657274 -- " > >

Re: [HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-05 Thread Robert Haas
On Thu, May 4, 2017 at 10:59 AM, Chapman Flack wrote: > invalid input syntax for integer: "21' && 1=2)) Uni/**/ON > SEl/**/eCT 0x646665743166657274,0x646665743266657274, > 0x646665743366657274 -- " Now that is choice. I wonder what specific database system that's

[HACKERS] idea: custom log_line_prefix components besides application_name

2017-05-04 Thread Chapman Flack
Hi, At $work I am often entertained by log entries like: invalid input syntax for integer: "21' && 1=2)) Uni/**/ON SEl/**/eCT 0x646665743166657274,0x646665743266657274, 0x646665743366657274 -- " They're entertaining mostly because I know our web guy has heard of SQL injection and doesn't write