Re: Patch proposal: New hooks in the connection path

Brindle, Joshua <joshuqbr@amazon.com>

From: "Brindle, Joshua" <joshuqbr@amazon.com>
To: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, "Drouvot, Bertrand" <bdrouvot@amazon.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-07-05T13:27:06Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Add pg_stat_database counters for sessions and session time

On 6/30/22 5:23 AM, Bharath Rupireddy wrote:
> <snip>
> On the security aspect, we must ensure we don't leak any sensitive
> information such as password or SSH key to the new hook - if PGPORT
> has this information, maybe we need to mask that structure a bit
> before handing it off to the hook.

Can you elaborate more on why you see this as necessary? Extensions run 
in-process and have no real memory access limits, "masking", which 
really means copying data to another struct, is just extra work and 
overhead with no actual security gain, IMO.