Re: restrict pg_stat_ssl to superuser?
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-19T15:57:52Z
Lists: pgsql-hackers
On 2019-02-18 04:58, Michael Paquier wrote: > On Fri, Feb 15, 2019 at 02:04:59PM +0100, Peter Eisentraut wrote: >> We could remove default privileges from pg_stat_get_activity(). Would >> that be a problem? > > I don't think so, still I am wondering about the impact that this > could have for monitoring tools calling it directly as we document > it.. Actually, this approach isn't going to work anyway, because function permissions in a view are checked as the current user, not the view owner. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Hide other user's pg_stat_ssl rows
- f9692a769b16 12.0 landed
-
doc: Add security information about pg_stat_activity
- 213eae9b8a8a 12.0 landed