On 15/02/17 05:56, Michael Paquier wrote:
> On Wed, Feb 15, 2017 at 3:18 AM, Jim Nasby <jim.na...@bluetreble.com> wrote:
>> Why not do what we do for pg_stat_activity.current_query and leave it NULL 
>> for non-SU?
> If subcriptions are designed to be superuser-only, it seems fair to me
> to do so. Some other system SRFs do that already.
>> Even better would be if we could simply strip out password info. Presumably
>> we already know how to parse the contents, so I'd think that shouldn't be
>> that difficult.
> I thought that this was correctly clobbered... But... No that's not
> the case by looking at the code. And honestly I think that it is
> unacceptable to show potentially security-sensitive information in
> system catalogs via a connection string. We are really careful about
> not showing anything bad in pg_stat_wal_receiver, which also sets to
> NULL fields for non-superusers and even clobbered values in the
> printed connection string for superusers, but pg_subscription fails on
> those points.

I am not following here, pg_subscription is currently superuser only
catalog, similarly to pg_user_mapping, there is no leaking.

  Petr Jelinek                  http://www.2ndQuadrant.com/
  PostgreSQL Development, 24x7 Support, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to