| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Tatsuo Ishii <ishii(at)postgresql(dot)org>, Vik Fearing <vik(at)2ndquadrant(dot)fr>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: primary_conninfo missing from pg_stat_wal_receiver |
| Date: | 2016-06-29 21:01:23 |
| Message-ID: | 20160629210123.GA210205@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera wrote:
> I propose to push this patch, closing the open item, and you can rework
> on top -- I suppose you would completely remove the original conninfo
> from shared memory and instead only copy the obfuscated version there
> (and probably also remove the ready_to_display flag). I think we'd need
> to see the patch before deciding whether we want it in 9.6 or not,
> keeping in mind that having the conninfo in shared memory is a
> pre-existing problem, unrelated to the pgstats view new in 9.6.
Pushed this. Feel free to tinker further with it, if you feel the need
to.
Regarding backpatching the clearing of shared memory, I'm inclined not
to. If there is a real security concern there (I'm unsure what attack
are we protecting against), it may be better fixed by the approach
suggested by Fujii whereby the sensitive info is not ever published in
shared memory.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2016-06-29 21:18:49 | Re: primary_conninfo missing from pg_stat_wal_receiver |
| Previous Message | Piotr Stefaniak | 2016-06-29 20:35:41 | Re: A couple of cosmetic changes around shared memory code |