Stephen Frost <sfrost@snowman.net> writes:
> * Craig Ringer (craig@2ndquadrant.com) wrote:
>> If you want control over visibility of application_name, it should be
>> done with a column privilige granted to a system role, or something like
>> that - so the ability to see it can be given to "public" on default
>> (thus not breaking BC) and if it's revoked from "public", given to roles
>> that need to see it.
> I agree with this- individuals should be able to control access to this
> information for their databases/clusters.
I think that'd be much more complexity than the case justifies. The
argument that application_name might contain sensitive information seems
ludicrously weak to me: whatever a client is exposing as application_name
is its own darn choice. If you don't like it, go fix the client.
If there is some client library that sets application_name without
allowing the choice to be overridden, then that's a problem with that
library, not with the server's behavior.
regards, tom lane