> On 17 Mar 2025, at 16:48, Jacob Champion <jacob.champ...@enterprisedb.com> > wrote: > > On Sun, Mar 16, 2025 at 6:49 AM Daniel Gustafsson <dan...@yesql.se> wrote: >> IIRC the reasoning has been that if a rogue user can inject an environment >> variable into your session and read your files it's probably game over >> anyways. > > (Personally I'm no longer as convinced by this line of argument as I > once was...)
Since there is disagreement over this, we should either 1) go ahead with the latest patch without an env var and revisit the discussion during v19; 2) adding the env var back into the patch as PGSSLKEYLOGFILE or; 3) postponing all of this till v19? Personally I think this feature has enough value even without the env var to not postpone it, especially since adding an env var in 19 will still be backwards compatible. I would go for option 1 to stay on the safe side and allow time for proper discussion, any other thoughts? -- Daniel Gustafsson
