Fujii Masao wrote:
> On Wed, Jun 29, 2016 at 12:23 PM, Alvaro Herrera
> <alvhe...@2ndquadrant.com> wrote:
> > Michael Paquier wrote:
> >> On Wed, Jun 29, 2016 at 6:42 AM, Alvaro Herrera
> >> <alvhe...@2ndquadrant.com> wrote:
> >
> >> > I have already edited the patch following some of these ideas.  Will
> >> > post a new version later.
> >>
> >> Cool, thanks.
> >
> > Here it is.  I found it was annoying to maintain the function return
> > tupdesc in two places (pg_proc.h and the function code itself), so I
> > changed that too.
> 
> ISTM that pg_stat_wal_receiver can return the security-sensitive fields
> if it's viewed before walreceiver overwrites the conninfo in the shared memory
> with the obfuscated one.

Hmm, ouch.  Maybe we can set a flag once the conninfo has been
obfuscated, and put the function to sleep until the flag is set.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to