From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> |
Cc: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Provide list of subscriptions and publications in psql's completion |
Date: | 2017-02-15 04:56:23 |
Message-ID: | CAB7nPqQx1HO6ZaaMyNpL1q3jpf_u+i=ZXt=33AMub3es+9h3jw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Feb 15, 2017 at 3:18 AM, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> wrote:
> Why not do what we do for pg_stat_activity.current_query and leave it NULL for non-SU?
If subcriptions are designed to be superuser-only, it seems fair to me
to do so. Some other system SRFs do that already.
> Even better would be if we could simply strip out password info. Presumably
> we already know how to parse the contents, so I'd think that shouldn't be
> that difficult.
I thought that this was correctly clobbered... But... No that's not
the case by looking at the code. And honestly I think that it is
unacceptable to show potentially security-sensitive information in
system catalogs via a connection string. We are really careful about
not showing anything bad in pg_stat_wal_receiver, which also sets to
NULL fields for non-superusers and even clobbered values in the
printed connection string for superusers, but pg_subscription fails on
those points.
I am adding an open item on the wiki regarding that. FWIW, a patch
needs to refactor libpqrcv_check_conninfo and libpqrcv_get_conninfo so
as the connection string build of PQconninfoOption data goes through
the same process. If everybody agrees on those lines, I have no
problems in producing a patch.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | neha khatri | 2017-02-15 05:02:14 | Re: bytea_output vs make installcheck |
Previous Message | Tom Lane | 2017-02-15 04:55:45 | Re: operator_precedence_warning vs make installcheck |