On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <pete...@gmx.net> wrote:
> On 6/10/15 2:17 AM, Magnus Hagander wrote: > > AIUI that one was just about the DN field, and not about the rest. If I > > understand you correctly, you are referring to the whole thing, not just > > one field? > > I think at least the DN field shouldn't be visible to unprivileged users. > What's the argument for that? I mean, the DN field is the equivalent of the username, and we show the username in pg_stat_activity already. Are you envisioning a scenario where there is actually something secret in the DN? > > Actually, I think the whole view shouldn't be accessible to unprivileged > users, except maybe your own row. > > I could go for some of the others if we think there's reason, but I don't understand the dn part? I guess there's some consistency in actually blocking exactly everything... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
