Re: RFC: Logging plan of the running query
torikoshia <torikoshia@oss.nttdata.com>
From: torikoshia <torikoshia@oss.nttdata.com>
To: Laurenz Albe <laurenz.albe@cybertec.at>
Cc: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, Pgsql
Hackers <pgsql-hackers@postgresql.org>
Date: 2021-05-13T08:26:20Z
Lists: pgsql-hackers
On 2021-05-13 01:08, Laurenz Albe wrote: > On Wed, 2021-05-12 at 18:03 +0530, Bharath Rupireddy wrote: >> Since it also shows up the full query text and the plan >> in the server log as plain text, there are chances that the sensitive >> information might be logged into the server log which is a risky thing >> from security standpoint. Thanks for the notification! > I think that is irrelevant. > > A superuser can already set "log_statement = 'all'" to get this. > There is no protection from superusers, and it is pointless to require > that. AFAIU, since that discussion is whether or not users other than superusers should be given the privilege to execute the backtrace printing function, I think it might be applicable to pg_log_current_plan(). Since restricting privilege to superusers is stricter, I'm going to proceed as it is for now, but depending on the above discussion, it may be better to change it. Regards, -- Atsushi Torikoshi NTT DATA CORPORATION
Commits
-
Allow GRANT on pg_log_backend_memory_contexts().
- f0b051e322d5 15.0 cited