Michael Paquier <michael.paqu...@gmail.com> writes:
> On Tue, Jun 21, 2016 at 11:29 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
>> What I would want to know is whether this specific change is actually a
>> good idea.  In particular, I'm concerned about the possible security
>> implications of exposing primary_conninfo --- might it not contain a
>> password, for example?

> Yes it could, as a connection string, but we make the information of
> this view only visible to superusers. For the others, that's just

Well, that's okay for now, but I'm curious to hear Stephen Frost's
opinion on this.  He's been on the warpath to decrease our dependence
on superuser-ness for protection purposes.  Seems to me that having
one column in this view that is a lot more security-sensitive than
the others is likely to be an issue someday.

                        regards, tom lane

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to