Re: restrict pg_stat_ssl to superuser?

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-19T15:57:52Z
Lists: pgsql-hackers
On 2019-02-18 04:58, Michael Paquier wrote:
> On Fri, Feb 15, 2019 at 02:04:59PM +0100, Peter Eisentraut wrote:
>> We could remove default privileges from pg_stat_get_activity().  Would
>> that be a problem?
> 
> I don't think so, still I am wondering about the impact that this
> could have for monitoring tools calling it directly as we document
> it.. 

Actually, this approach isn't going to work anyway, because function
permissions in a view are checked as the current user, not the view owner.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Commits

  1. Hide other user's pg_stat_ssl rows

  2. doc: Add security information about pg_stat_activity