Re: Auto-explain patch

From: ITAGAKI Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>
To: Dean Rasheed <dean_rasheed(at)hotmail(dot)com>
Cc: Simon Riggs <simon(at)2ndquadrant(dot)com>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Auto-explain patch
Date: 2008-07-09 09:48:57
Message-ID: 20080709183122.5DC2.52131E4D@oss.ntt.co.jp
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


Dean Rasheed <dean_rasheed(at)hotmail(dot)com> wrote:

> * client_sql_trace = on | off - settable by a normal user to allow a
> client session to see the sql_trace output. If this parameter is on,
> the sql_trace will be logged as NOTICE output.

In terms of security, is it ok to show normal users SQLs used in functions
that are owned by other users? Users can call not-owned functions only if
they have EXECUTE privilege on them. -- presently we can see function
bodies from pg_proc.prosrc freely, though.

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tino Wildenhain 2008-07-09 10:32:18 Re: Identifier case folding notes
Previous Message Dean Rasheed 2008-07-09 09:11:38 Re: Auto-explain patch