Re: pg_stat_replication security

Itagaki Takahiro <itagaki.takahiro@gmail.com>

From: Itagaki Takahiro <itagaki.takahiro@gmail.com>
To: Magnus Hagander <magnus@hagander.net>
Cc: Josh Berkus <josh@agliodbs.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-01-17T11:11:04Z
Lists: pgsql-hackers
On Mon, Jan 17, 2011 at 19:51, Magnus Hagander <magnus@hagander.net> wrote:
> Here's a patch that limits it to superuser only. We can't easily match
> it to the user of the session given the way the walsender data is
> returned - it doesn't contain the user information. But limiting it to
> superuser only seems perfectly reasonable and in line with the
> encouragement not to use the replication user for login.
>
> Objections?

It hides all fields in pg_stat_wal_senders(). Instead, can we just
revoke usage of the function and view?  Or, do we have some plans
to add fields which normal users can see?

-- 
Itagaki Takahiro