| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: exposing pg_controldata and pg_config as functions |
| Date: | 2015-09-01 01:38:29 |
| Message-ID: | 55E50195.6000308@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 8/24/15 9:50 AM, Tom Lane wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>> On 08/23/2015 08:58 PM, Michael Paquier wrote:
>>> I think that's a good thing to have, now I have concerns about making
>>> this data readable for non-superusers. Cloud deployments of Postgres
>>> are logically going to block the access of this view.
>
>> I don't think it exposes any information of great security value.
>
> We just had that kerfuffle about whether WAL compression posed a security
> risk; doesn't that imply that at least the data relevant to WAL position
> has to be unreadable by non-superusers?
We already have functions that expose the current (or recent, or
interesting) WAL position, so any new ones should probably follow the
existing ones. Or possibly we don't need any new ones, because we
already have enough?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2015-09-01 01:47:51 | Re: exposing pg_controldata and pg_config as functions |
| Previous Message | Peter Eisentraut | 2015-09-01 01:31:48 | Re: exposing pg_controldata and pg_config as functions |