Re: primary_conninfo missing from pg_stat_wal_receiver
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, Tatsuo Ishii <ishii@postgresql.org>,
vik@2ndquadrant.fr,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>,
Masao Fujii <masao.fujii@gmail.com>
Date: 2016-06-21T02:51:48Z
Lists: pgsql-hackers
Michael Paquier <michael.paquier@gmail.com> writes: > On Tue, Jun 21, 2016 at 11:29 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> What I would want to know is whether this specific change is actually a >> good idea. In particular, I'm concerned about the possible security >> implications of exposing primary_conninfo --- might it not contain a >> password, for example? > Yes it could, as a connection string, but we make the information of > this view only visible to superusers. For the others, that's just > NULL. Well, that's okay for now, but I'm curious to hear Stephen Frost's opinion on this. He's been on the warpath to decrease our dependence on superuser-ness for protection purposes. Seems to me that having one column in this view that is a lot more security-sensitive than the others is likely to be an issue someday. regards, tom lane
Commits
-
Add conninfo to pg_stat_wal_receiver
- 9ed551e0a4fd 9.6.0 landed
-
Only show pg_stat_replication details to superusers
- f88a638199d8 9.1.0 cited