Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes: > On 6/20/16 10:29 PM, Tom Lane wrote: >> What I would want to know is whether this specific change is actually a >> good idea. In particular, I'm concerned about the possible security >> implications of exposing primary_conninfo --- might it not contain a >> password, for example?
> That would have been my objection. This was also mentioned in the > context of moving recovery.conf settings to postgresql.conf, because > then the password would become visible in SHOW commands and the like. > Alternatively or additionally, implement a way to strip passwords out of > conninfo information. libpq already has information about which > connection items are sensitive. Yeah, I'd been wondering whether we could parse the conninfo string into individual fields and then drop the password field. It's hard to see a reason why this view needs to show passwords, since presumably everything in it corresponds to successful connections --- if your password is wrong, you aren't in it. regards, tom lane -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers