On Fri, Sep 16, 2011 at 1:13 PM, Peter Eisentraut <pete...@gmx.net> wrote:
> On fre, 2011-09-16 at 01:32 -0400, Tom Lane wrote:
>> As far as the other issues go, I think there is actually a
>> prerequisite
>> discussion to be had here, which is whether we are turning the
>> recovery
>> parameters into plain old GUCs or not.  If they are plain old GUCs,
>> then
>> they will presumably still have their values when we are *not* doing
>> recovery.  That leads to a couple of questions:
>> * will seeing these values present in pg_settings confuse anybody?
> How so?  We add or change the available parameters all the time.
>> * can the values be changed when not in recovery, if so what happens,
>>   and again will that confuse anybody?
> Should be similar to archive_command and archive_mode.  You can still
> see and change archive_command when archive_mode is off.

I do think special handling would be useful here, of some kind. We
could reset them as well, if we wished, but that is probably more
trouble than is worth.

Perhaps we need a new SCOPE attribute on pg_settings to show whether
the parameter applies in recovery, in normal or both.

>> * is there any security hazard from ordinary users being able to see
>>   what settings had been used?
> Again, not much different from the archive_* settings.  They are, after
> all, almost the same in the opposite direction.

There is a potential security hole if people hardcode passwords into
primary_conninfo. As long as we document not to do that, we're OK.

 Simon Riggs                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to