cameleer/cameleer-server
1
0
Fork 0
Code Issues 44 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: scope pg_stat_activity queries by ApplicationName for tenant isolation
Some checks failed
CI / cleanup-branch (push) Has been skipped
Details
CI / build (push) Failing after 36s
Details
CI / docker (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
CI / deploy-feature (push) Has been skipped
Details

Browse Source 
DatabaseAdminController's active-queries and kill-query endpoints could
expose SQL text from other tenants sharing the same PostgreSQL instance.
Added ApplicationName=tenant_{id} to the JDBC URL and filter
pg_stat_activity by application_name so each tenant only sees its own
connections.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-14 23:51:13 +02:00
parent c33b2a9048
commit 7a63135d26
5 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cameleer3-server-app/src/main/resources/application.yml
View File

@@ -7,7 +7,7 @@ spring:
max-file-size: 200MB
max-request-size: 200MB
datasource:
url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/cameleer3?currentSchema=tenant_${cameleer.server.tenant.id}}
url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/cameleer3?currentSchema=tenant_${cameleer.server.tenant.id}&ApplicationName=tenant_${cameleer.server.tenant.id}}
username: ${SPRING_DATASOURCE_USERNAME:cameleer}
password: ${SPRING_DATASOURCE_PASSWORD:cameleer_dev}
driver-class-name: org.postgresql.Driver