On 02/17/2016 05:14 PM, Tom Lane wrote:
Peter Eisentraut <pete...@gmx.net> writes:
On 2/17/16 12:15 PM, Joe Conway wrote:
Ok, removed the documentation on the function pg_config() and pushed.
I still have my serious doubts about this, especially not even requiring
superuser access for this information.  Could someone explain why we
need this?
I thought we'd agreed on requiring superuser access for this function.
I concur that letting just anyone see the config data is inappropriate.


I'm in favor, and don't really want to rehearse the argument. But I think I can live quite happily with it being superuser only. It's pretty hard to argue that exposing it to a superuser creates much risk, ISTM.



Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to