| From: | Ian Lawrence Barwick <barwick(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | docs: mention "pg_read_all_stats" in "track_activities" description |
| Date: | 2022-05-20 06:17:29 |
| Message-ID: | CAB8KJ=jhPyYFu-A5r-ZGP+Ax715mUKsMxAGcEQ9Cx_mBAmrPow@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi
Regarding the visibility of query information, the description for
"track_activities" [1] says:
> Note that even when enabled, this information is not visible to all users,
> only to superusers and the user owning the session being reported on, so it
> should not represent a security risk.
[1] https://www.postgresql.org/docs/current/runtime-config-statistics.html#GUC-TRACK-ACTIVITIES
It seems reasonable to mention here that the information is also visible to
members of "pg_read_all_stats", similar to what is done in the
pg_stat_statements
docs [2].
[2] https://www.postgresql.org/docs/current/pgstatstatements.html#PGSTATSTATEMENTS-COLUMNS
Suggested wording:
> Note that even when enabled, this information is only visible to superusers,
> members of the <literal>pg_read_all_stats</literal> role and the user owning
> the session being reported on, so it should not represent a security risk.
Patch (for HEAD) with suggested wording attached; the change should
IMO be applied
all the way back to v10 (though as-is the patch only applies to HEAD,
can provide
others if needed).
Regards
Ian Barwick
--
EnterpriseDB: https://www.enterprisedb.com
| Attachment | Content-Type | Size |
|---|---|---|
| track-activities-pg_read_all_stats.HEAD.diff | text/x-patch | 1.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Naylor | 2022-05-20 06:40:25 | Re: A qsort template |
| Previous Message | David Rowley | 2022-05-20 05:56:06 | PG15 beta1 sort performance regression due to Generation context change |