| From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Application name patch - v2 |
| Date: | 2009-10-19 07:54:38 |
| Message-ID: | 162867790910190054r636fba2fid5481245fce76129@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2009/10/19 Dave Page <dpage(at)pgadmin(dot)org>:
> On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote:
>>> I think that covers all the suggestions discussed over the last couple
>>> of days, with the exception of the rejection of \n and similar
>>> characters which I'm still not entirely convinced is worth the effort.
>>> Any other opinions on that? Anything else that should be
>>> added/changed?
>>
>> So this would effectively allow any minimally authorized user to write
>> whatever they want into the log file whenever they want? Doesn't sound
>> very safe to me.
>
> A user can do that anyway if query logging is turned on, but anyway,
> what would you suggest - accept a-zA-Z0-9 and a few other choice
> characters only, or just reject a handful (and if so, what)?
I dislike write access to app name guc for user too. It's not safe.
Maybe only super user can do it?
Regards
Pavel Stehule
>
>
> --
> Dave Page
> EnterpriseDB UK: http://www.enterprisedb.com
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2009-10-19 08:08:01 | Re: Application name patch - v2 |
| Previous Message | Dave Page | 2009-10-19 07:47:10 | Re: Application name patch - v2 |