Gregory Stark <[EMAIL PROTECTED]> writes:
> "Tom Lane" <[EMAIL PROTECTED]> writes:
>> One thing that I worried about for a little bit is that you can imagine
>> privilege-escalation scenarios.

> Perhaps we should only do this if the current user's ID is the same as the
> outermost session user's ID?

A conservative approach would be to report the query texts *only* in the
server log and never to the client --- this would need a bit of klugery
but seems doable.

                        regards, tom lane

Sent via pgsql-patches mailing list (
To make changes to your subscription:

Reply via email to