On Mon, Jan 18, 2016 at 7:42 PM, Michael Paquier
<michael.paqu...@gmail.com> wrote:
>> Yeah, I really don't see anything in the pg_controldata output that
>> looks sensitive.  The WAL locations are the closest of anything,
> The system identifier perhaps? I honestly don't have on top of my head
> a way to exploit this information but leaking that at SQL level seems
> sensible: that's a unique identifier of a Postgres instance used when
> setting up a cluster after all.

I think you are confusing useful information with security-sensitive
information.  The system identifier may be useful, but if you can't
use it to compromise something, it's not security-sensitive.

Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to