Quick Links

Re: Is this a bug, possible security hole, or wrong

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Mike Mascari <mascarm(at)mascari(dot)com>
Cc:	Sander Steffann <sander(at)steffann(dot)nl>, pgsql-general(at)postgresql(dot)org
Subject:	Re: Is this a bug, possible security hole, or wrong
Date:	2002-06-13 13:43:56
Message-ID:	18875.1023975836@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Mike Mascari <mascarm(at)mascari(dot)com> writes:
> If a user has permissions to write PL/SQL functions, and the statistics
> collector is running with STATS_COMMAND_STRING = true, could not that
> user "log" other users' queries using the same technique I described by
> querying pg_stat_activity?

Not unless he's superuser.

regards, tom lane

In response to

Re: Is this a bug, possible security hole, or wrong at 2002-06-13 11:45:37 from Mike Mascari

Browse pgsql-general by date

	From	Date	Subject
Next Message	Thomas Lockhart	2002-06-13 13:51:35	Re: automatic time zone conversion
Previous Message	Mike Mascari	2002-06-13 13:39:07	Re: Is this a bug, possible security hole, or wrong