Re: Application name patch - v2

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Application name patch - v2
Date: 2009-10-19 10:21:22
Message-ID: 1255947682.19430.25.camel@fsopti579.F-Secure.com
Lists: pgsql-hackers

On Mon, 2009-10-19 at 08:47 +0100, Dave Page wrote:
> On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> > On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote:
> >> I think that covers all the suggestions discussed over the last couple
> >> of days, with the exception of the rejection of \n and similar
> >> characters which I'm still not entirely convinced is worth the effort.
> >> Any other opinions on that? Anything else that should be
> >> added/changed?
> >
> > So this would effectively allow any minimally authorized user to write
> > whatever they want into the log file whenever they want? Doesn't sound
> > very safe to me.
>
> A user can do that anyway if query logging is turned on, but anyway,
> what would you suggest - accept a-zA-Z0-9 and a few other choice
> characters only, or just reject a handful (and if so, what)?

Well, either you make the thing wide open and thus pretty insecure and
unreliable, or you put in arbitrary limits which will possibly upset
many users, or you design some fairly complex rules about what is
allowed or not in what context.

At which point you might realize that you can pretty much do all of this
already in a much better way: Create a user account for each application
or group of applications and assign them the roles that you are
currently using as login users. The user names already show up in all
the places that people want: ps, log, activity tables. And moreover,
the admin can control exactly who is allowed to use what user name in
what context, so there is no log spamming or confusing one's identity.
