On Thu, Jun 30, 2016 at 6:01 AM, Alvaro Herrera <alvhe...@2ndquadrant.com> wrote: > Alvaro Herrera wrote: > >> I propose to push this patch, closing the open item, and you can rework >> on top -- I suppose you would completely remove the original conninfo >> from shared memory and instead only copy the obfuscated version there >> (and probably also remove the ready_to_display flag). I think we'd need >> to see the patch before deciding whether we want it in 9.6 or not, >> keeping in mind that having the conninfo in shared memory is a >> pre-existing problem, unrelated to the pgstats view new in 9.6. > > Pushed this. Feel free to tinker further with it, if you feel the need > to. > > Regarding backpatching the clearing of shared memory, I'm inclined not > to. If there is a real security concern there (I'm unsure what attack > are we protecting against), it may be better fixed by the approach > suggested by Fujii whereby the sensitive info is not ever published in > shared memory.
Yes, this is not going to be pretty invasive anyway. The cleanest way to handle things here would be to refactor a bit xlog.c (xlogparams.c?) so as readRecoveryCommandFile is exposed in its own file, and the recovery parameters are handled in a single structure, which is the return result of the call. To reduce a bit the cruft in xlog.c that would be nice anyway I guess. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
