Re: restrict pg_stat_ssl to superuser?

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-12T06:40:07Z
Lists: pgsql-hackers
On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote:
> If so, is there anything in that view that should be made available to
> non-superusers?  If not, then we could perhaps do this via a simple
> permission change instead of going the route of blanking out individual
> columns.

Hm.  It looks sensible to move to a per-permission approach for that
view.  Now, pg_stat_get_activity() is not really actually restricted,
and would still return the information on direct calls, so the idea
would be to split the SSL-related data into its own function?
--
Michael

Commits

  1. Hide other user's pg_stat_ssl rows

  2. doc: Add security information about pg_stat_activity