Re: Psql meta-command conninfo+
Sami Imseih <simseih@amazon.com>
From: "Imseih (AWS), Sami" <simseih@amazon.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>, Peter Eisentraut <peter@eisentraut.org>
Cc: Nathan Bossart <nathandbossart@gmail.com>, Jim Jones <jim.jones@uni-muenster.de>, Pavel Luzanov <p.luzanov@postgrespro.ru>, "Erik
Wienhold" <ewie@ewie.name>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2024-04-04T19:20:41Z
Lists: pgsql-hackers
> The point about application_name is a valid one. I guess it's there > because it's commonly given from the client side rather than being set >server-side, even though it's still a GUC. Arguably we could remove it > from \conninfo+, and claim that nothing that shows up in \dconfig should > also appear in \conninfo+. Then users should get in the habit of using > both to obtain a full picture. This sounds to me a very good compromise > actually. Perhaps another reason to remove "application_name" is because the value can be modified after the connection is established. If that is also another good reason, the same can be said about "Current User" and "Session User" as those could be modified with SET commands. This way conninfo could be only for attributes that will not change during the lifetime of the connection. Also, I just realized that pg_stat_ssl and pg_stat_gssapi will both return 0 rows if there is a set role/set session authorization, this means \conninfo+ will return empty. postgres=> select current_user; current_user -------------- user1 (1 row) postgres=> select * from pg_stat_ssl ; pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn -------+-----+---------+-----------------------------+------+-----------+---------------+----------- 27223 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | | | (1 row) postgres=> set role = user2; SET postgres=> select * from pg_stat_ssl ; pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn -----+-----+---------+--------+------+-----------+---------------+----------- (0 rows) postgres=> select current_user; current_user -------------- user2 (1 row) postgres=> reset role; RESET postgres=> select current_user; current_user -------------- user1 (1 row) postgres=> select * from pg_stat_ssl ; pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn -------+-----+---------+-----------------------------+------+-----------+---------------+----------- 27223 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | | | (1 row) Regards, Sami
Commits
-
psql: Change new \conninfo to use SSL instead of TLS
- 6d6480066c1a 18.0 landed
-
Change \conninfo to use tabular format
- bba2fbc6238b 18.0 landed
-
Update extension lookup routines to use the syscache
- d8df7ac5c04c 18.0 cited
-
Improve COPY TO performance when server and client encodings match
- b619852086ed 17.0 cited
-
doc: Remove superfluous bracket in synopsis
- fdfb92c0307c 17.0 cited
-
Remove psql support for server versions preceding 9.2.
- cf0cab868aa4 15.0 cited