| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tatsuo Ishii <ishii(at)postgresql(dot)org>, vik(at)2ndquadrant(dot)fr, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Masao Fujii <masao(dot)fujii(at)gmail(dot)com> |
| Subject: | Re: primary_conninfo missing from pg_stat_wal_receiver |
| Date: | 2016-06-21 02:51:48 |
| Message-ID: | 13961.1466477508@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> On Tue, Jun 21, 2016 at 11:29 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> What I would want to know is whether this specific change is actually a
>> good idea. In particular, I'm concerned about the possible security
>> implications of exposing primary_conninfo --- might it not contain a
>> password, for example?
> Yes it could, as a connection string, but we make the information of
> this view only visible to superusers. For the others, that's just
> NULL.
Well, that's okay for now, but I'm curious to hear Stephen Frost's
opinion on this. He's been on the warpath to decrease our dependence
on superuser-ness for protection purposes. Seems to me that having
one column in this view that is a lot more security-sensitive than
the others is likely to be an issue someday.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2016-06-21 03:00:07 | Re: primary_conninfo missing from pg_stat_wal_receiver |
| Previous Message | Michael Paquier | 2016-06-21 02:38:57 | Re: primary_conninfo missing from pg_stat_wal_receiver |