Mark ssl_passphrase_command as GUC_SUPERUSER_ONLY.
Fujii Masao <fujii@postgresql.org>
Mark ssl_passphrase_command as GUC_SUPERUSER_ONLY. This commit changes the GUC ssl_passphrase_command so that it's examinable by only superuser and a member of pg_read_all_settings. Per discussion, we determined to do this because the parameter may contain a sensitive informtaion like a passphrase itself. Author: Insung Moon Reviewed-by: Keisuke Kuroda Discussion: https://postgr.es/m/CAEMmqBuHVGayc+QkYKgx3gWSdqwTAQGw+0DYn3WhcX-eNa2ntA@mail.gmail.com
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/utils/misc/guc.c | modified | +2 −1 |
Discussion
- Exposure related to GUC value of ssl_passphrase_command 11 messages · 2019-11-05 → 2020-03-09