> On 14 Mar 2025, at 15:27, Peter Eisentraut <pe...@eisentraut.org> wrote:
>
> On 13.03.25 19:31, Tom Lane wrote:
>> Jacob Champion <jacob.champ...@enterprisedb.com> writes:
>>> Adding the PG prefix to the envvar name addresses my collision
>>> concern, but I think Tom's comment upthread [1] was saying that we
>>> should not provide any envvar at all:
>>>> I think it might be safer if we only accepted it as a connection
>>>> parameter and not via an environment variable.
>>> Is the addition of the PG prefix enough to address that concern too?
>> Indeed, I was advocating for *no* environment variable. The PG prefix
>> does not comfort me.
>
> It seems to me that the environment variable would be the most useful way to
> use this feature, for example if you want to debug an existing program that
> you can't or don't want to change.
>
> As was mentioned earlier, libcurl uses an environment variable for this.
> Moreover, the format originated in the NSS library, which also uses an
> environment variable.
>
> So we are here constructing a higher level of security that others don't seem
> to have found the need for.

IIRC the reasoning has been that if a rogue user can inject an environment
variable into your session and read your files it's probably game over anyways.

> It's also possible that we should consider the SSLKEYLOGFILE environment
> variable some kind of quasi-standard like PAGER, and we should be using
> exactly that environment variable name like everyone else.

If we would use the same as others, it would make it harder to do fine-grained
debugging of a session.

--
Daniel Gustafsson