2009/10/19 Dave Page <dp...@pgadmin.org>: > On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <pete...@gmx.net> wrote: >> On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote: >>> I think that covers all the suggestions discussed over the last couple >>> of days, with the exception of the rejection of \n and similar >>> characters which I'm still not entirely convinced is worth the effort. >>> Any other opinions on that? Anything else that should be >>> added/changed? >> >> So this would effectively allow any minimally authorized user to write >> whatever they want into the log file whenever they want? Doesn't sound >> very safe to me. > > A user can do that anyway if query logging is turned on, but anyway, > what would you suggest - accept a-zA-Z0-9 and a few other choice > characters only, or just reject a handful (and if so, what)?
I dislike write access to app name guc for user too. It's not safe. Maybe only super user can do it? Regards Pavel Stehule > > > -- > Dave Page > EnterpriseDB UK: http://www.enterprisedb.com > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers