Peter Eisentraut <> writes:
> On 6/20/16 10:29 PM, Tom Lane wrote:
>> What I would want to know is whether this specific change is actually a
>> good idea.  In particular, I'm concerned about the possible security
>> implications of exposing primary_conninfo --- might it not contain a
>> password, for example?

> That would have been my objection.  This was also mentioned in the 
> context of moving recovery.conf settings to postgresql.conf, because 
> then the password would become visible in SHOW commands and the like.

> Alternatively or additionally, implement a way to strip passwords out of 
> conninfo information.  libpq already has information about which 
> connection items are sensitive.

Yeah, I'd been wondering whether we could parse the conninfo string into
individual fields and then drop the password field.  It's hard to see a
reason why this view needs to show passwords, since presumably everything
in it corresponds to successful connections --- if your password is wrong,
you aren't in it.

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to