Re: exposing pg_controldata and pg_config as functions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/26/2015 06:33 AM, Stephen Frost wrote:
> * Joe Conway (mail(at)joeconway(dot)com) wrote:
>> Issues needing comment: a.) Which items need hiding from
>> non-superusers and should the value be redacted or the entire
>> result set row be suppressed?
>
> I'm of the opinion that we need to at least redact it and that what
> we should do is simply suppress the entire result set until we
> provide a way for administrators to manage who can access it (eg:
> default roles, this one would fall under 'pg_monitor', imo).

Whatever it is it would have to be available during initdb. And in any
case I'm no closer to knowing which rows to hide/redact/suppress other
than WAL position. Possibly the thing to do for now would be to revoke
public from these?

Joe
- --
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJV3c3nAAoJEDfy90M199hlMnYQAJliTc7bJTCndMQ0emN6xV55
DqODtxABxh3kqPmWcvSO08dSZ5yHpCKYgIm8OmRIpfDUwNID1uBXsO5pRd1XVzLr
42OmQ9QauAZ9+f/Rea668U/zgzhnIJXdVsFfAmum516UoR3W1rqW5ggPKgN5YDhC
9Z6ikL1fs6l6l1yrvaefbepS1FLx6wDplhctN+hbEdHw9gwAf67fv7ncaPZ4BRyc
hogL4mXoz0fFQz7RDvnR2g0uu17k3imbwzqGiyJwH4+9cfnNLWrBXupKwC06ufWF
t3cLh4lLTUhx/2amB0qKMQp1MgVs6r70f5ciFTWvaO0nro0wSGHnIsnqFDOfnv2X
kctZreHs7gDAFXWM4Qp45oxTHy6Lfce75IvDfZGZ3y8NOhEHZDqJs6VIdOgCu4h0
RkJE/RrRz7ZtMAhyokxWMZvffYRutLPbXAUvg6TBeDVy1T7SKoQK81IBz/Nkd+Bm
WkB/EFklUZw/B2HnDpXRV3tdjAzMAJw22bQi0Y7515K25w7NC2nquzX1eBMGmaqe
yDf/gobFg601E9WMjaNoxMGy3Niigk46UsQLGT7RJ/ciojY1gGQh/qd4b1BeJpM0
kRmj0Jsyn0cO8hs6h7jBNBVJjlBhr9ijd4tWaZAk9XqLExPPmGunhcoOMf6ttmvy
533U1P2OKyGBZZissMd4
=dlGD
-----END PGP SIGNATURE-----