Re: [PATCH] Include application_name in "connection authorized" log message

Andres Freund <andres@anarazel.de>

From: Andres Freund <andres@anarazel.de>
To: pgsql-hackers@lists.postgresql.org,Stephen Frost <sfrost@snowman.net>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,Don Seiler <don@seiler.us>,Tom Lane <tgl@sss.pgh.pa.us>
Date: 2018-09-27T21:59:01Z
Lists: pgsql-hackers

On September 27, 2018 2:55:56 PM PDT, Stephen Frost <sfrost@snowman.net> wrote:
>Greetings,
>
>* Andres Freund (andres@anarazel.de) wrote:
>> On 2018-09-27 17:41:56 -0400, Stephen Frost wrote:
>> > Of course, if I'm missing something as to why the ascii-cleaning
>makes
>> > sense or is necessary, I'm all ears, but I'm just not seeing it.
>> 
>> There's many reasons. For example you can send terminal control
>> characters to the server. When somebody then looks at the log, you
>can
>> screw with them pretty good, unless they're always careful to go
>through
>> less (without -r).  We should be *more* not *less* careful about this
>> kind of hting.
>
>I seriously doubt we're going to start stripping usernames down to
>ASCII
>for them to be displayed in the log file.

So? As you say, they are much more control from the a admins of the server.  I guess at some point we should have more expansive whitelisting than just ASCII, but that seems separate.

Andres
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Commits

  1. Add application_name to connection authorized msg