Re: primary_conninfo missing from pg_stat_wal_receiver

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, Tatsuo Ishii <ishii@postgresql.org>, vik@2ndquadrant.fr, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>, Masao Fujii <masao.fujii@gmail.com>
Date: 2016-06-21T02:51:48Z
Lists: pgsql-hackers
Michael Paquier <michael.paquier@gmail.com> writes:
> On Tue, Jun 21, 2016 at 11:29 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> What I would want to know is whether this specific change is actually a
>> good idea.  In particular, I'm concerned about the possible security
>> implications of exposing primary_conninfo --- might it not contain a
>> password, for example?

> Yes it could, as a connection string, but we make the information of
> this view only visible to superusers. For the others, that's just
> NULL.

Well, that's okay for now, but I'm curious to hear Stephen Frost's
opinion on this.  He's been on the warpath to decrease our dependence
on superuser-ness for protection purposes.  Seems to me that having
one column in this view that is a lot more security-sensitive than
the others is likely to be an issue someday.

			regards, tom lane


Commits

  1. Add conninfo to pg_stat_wal_receiver

  2. Only show pg_stat_replication details to superusers