On Mon, Jan 18, 2016 at 7:42 PM, Michael Paquier <michael.paqu...@gmail.com> wrote: >> Yeah, I really don't see anything in the pg_controldata output that >> looks sensitive. The WAL locations are the closest of anything, >> AFAICS. > > The system identifier perhaps? I honestly don't have on top of my head > a way to exploit this information but leaking that at SQL level seems > sensible: that's a unique identifier of a Postgres instance used when > setting up a cluster after all.
I think you are confusing useful information with security-sensitive information. The system identifier may be useful, but if you can't use it to compromise something, it's not security-sensitive. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
