Fujii Masao wrote: > On Wed, Jun 29, 2016 at 12:23 PM, Alvaro Herrera > <alvhe...@2ndquadrant.com> wrote: > > Michael Paquier wrote: > >> On Wed, Jun 29, 2016 at 6:42 AM, Alvaro Herrera > >> <alvhe...@2ndquadrant.com> wrote: > > > >> > I have already edited the patch following some of these ideas. Will > >> > post a new version later. > >> > >> Cool, thanks. > > > > Here it is. I found it was annoying to maintain the function return > > tupdesc in two places (pg_proc.h and the function code itself), so I > > changed that too. > > ISTM that pg_stat_wal_receiver can return the security-sensitive fields > if it's viewed before walreceiver overwrites the conninfo in the shared memory > with the obfuscated one.
Advertising
Hmm, ouch. Maybe we can set a flag once the conninfo has been obfuscated, and put the function to sleep until the flag is set. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
