Michael Paquier <michael.paqu...@gmail.com> writes: > On Tue, Jun 21, 2016 at 11:29 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> What I would want to know is whether this specific change is actually a >> good idea. In particular, I'm concerned about the possible security >> implications of exposing primary_conninfo --- might it not contain a >> password, for example?
> Yes it could, as a connection string, but we make the information of > this view only visible to superusers. For the others, that's just > NULL. Well, that's okay for now, but I'm curious to hear Stephen Frost's opinion on this. He's been on the warpath to decrease our dependence on superuser-ness for protection purposes. Seems to me that having one column in this view that is a lot more security-sensitive than the others is likely to be an issue someday. regards, tom lane -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers