| From: | "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de> |
|---|---|
| To: | Sergei Kornilov <sk(at)zsrv(dot)org> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: allow online change primary_conninfo |
| Date: | 2019-02-03 10:52:41 |
| Message-ID: | 20190203105241.4hbq4cyl4hkrgnzq@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 2019-01-31 16:13:22 +0300, Sergei Kornilov wrote:
> Hello
>
> Yeah, we have no consensus.
>
Are you planning to update the patch? Given there's not been much
progress here, I think we ough tot mark the CF entry as returned with
feedback for now.
> Another open question is about logging new primary_conninfo:
> > LOG: parameter "primary_conninfo" changed to "host=/tmp port=5432 password=hoge"
>
> I my opinion this is not issue, database logs can have sensitive data. User queries, for example.
> If we not want expose such info - it is ok just hide new value from logs with new GUC flag? Or i need implement masked conninfo for this purpose?
I agree that this doesn't need to be solved as part of this patch. Given
the config is in the conf file, I don't think it's meaningful to hide
this from the log. If necessary one can use client certs, service files,
etc.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2019-02-03 10:58:11 | Re: [PROPOSAL] Shared Ispell dictionaries |
| Previous Message | Andres Freund | 2019-02-03 10:43:24 | Re: [HACKERS] PATCH: multivariate histograms and MCV lists |