Re: pg_stat_replication security
Itagaki Takahiro <itagaki.takahiro@gmail.com>
From: Itagaki Takahiro <itagaki.takahiro@gmail.com>
To: Magnus Hagander <magnus@hagander.net>
Cc: Josh Berkus <josh@agliodbs.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-01-17T11:11:04Z
Lists: pgsql-hackers
On Mon, Jan 17, 2011 at 19:51, Magnus Hagander <magnus@hagander.net> wrote: > Here's a patch that limits it to superuser only. We can't easily match > it to the user of the session given the way the walsender data is > returned - it doesn't contain the user information. But limiting it to > superuser only seems perfectly reasonable and in line with the > encouragement not to use the replication user for login. > > Objections? It hides all fields in pg_stat_wal_senders(). Instead, can we just revoke usage of the function and view? Or, do we have some plans to add fields which normal users can see? -- Itagaki Takahiro