Tom Lane <[EMAIL PROTECTED]> wrote: > We don't have any system-wide names for statements, so this seems > pretty ill-defined and of questionable value. Showing the text of > statements in a view also has security problems.
I found we can execute prepared statements and view the sql source through pg_prepared_statements even after we execute SET SESSION AUTHORIZATION. Is this an expected behavior? It is not a problem in normal use because the *real* user is same before and after changing ROLEs, but we should be careful about sharing connections between different users in connection pooling. Almost connection poolings don't do that, though. Regards, --- ITAGAKI Takahiro NTT Open Source Software Center -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
