Re: Psql meta-command conninfo+

Sami Imseih <simseih@amazon.com>

From: "Imseih (AWS), Sami" <simseih@amazon.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>, Peter Eisentraut <peter@eisentraut.org>
Cc: Nathan Bossart <nathandbossart@gmail.com>, Jim Jones <jim.jones@uni-muenster.de>, Pavel Luzanov <p.luzanov@postgrespro.ru>, "Erik Wienhold" <ewie@ewie.name>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2024-04-04T19:20:41Z
Lists: pgsql-hackers
> The point about application_name is a valid one. I guess it's there
> because it's commonly given from the client side rather than being set
>server-side, even though it's still a GUC. Arguably we could remove it
> from \conninfo+, and claim that nothing that shows up in \dconfig should
> also appear in \conninfo+. Then users should get in the habit of using
> both to obtain a full picture. This sounds to me a very good compromise
> actually.

Perhaps another reason to remove "application_name" is because the
value can be modified after the connection is established. If that is also
another good reason, the same can be said about "Current User"
and "Session User" as those could be modified with SET commands.

This way conninfo could be only for attributes that will not change
during the lifetime of the connection.


Also, I just realized that pg_stat_ssl and pg_stat_gssapi will both return 0
rows if there is a set role/set session authorization, this means \conninfo+
will return empty.

postgres=> select current_user;
 current_user 
--------------
 user1
(1 row)

postgres=> select * from pg_stat_ssl ;
  pid  | ssl | version |           cipher            | bits | client_dn | client_serial | issuer_dn 
-------+-----+---------+-----------------------------+------+-----------+---------------+-----------
 27223 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 |           |               | 
(1 row)

postgres=> set role = user2;
SET
postgres=> select * from pg_stat_ssl ;
 pid | ssl | version | cipher | bits | client_dn | client_serial | issuer_dn 
-----+-----+---------+--------+------+-----------+---------------+-----------
(0 rows)

postgres=> select current_user;
 current_user 
--------------
 user2
(1 row)

postgres=> reset role;
RESET
postgres=> select current_user;
 current_user 
--------------
 user1
(1 row)

postgres=> select * from pg_stat_ssl ;
  pid  | ssl | version |           cipher            | bits | client_dn | client_serial | issuer_dn 
-------+-----+---------+-----------------------------+------+-----------+---------------+-----------
 27223 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 |           |               | 
(1 row)


Regards, 

Sami 






Commits

  1. psql: Change new \conninfo to use SSL instead of TLS

  2. Change \conninfo to use tabular format

  3. Update extension lookup routines to use the syscache

  4. Improve COPY TO performance when server and client encodings match

  5. doc: Remove superfluous bracket in synopsis

  6. Remove psql support for server versions preceding 9.2.