On 15/02/17 05:56, Michael Paquier wrote: > On Wed, Feb 15, 2017 at 3:18 AM, Jim Nasby <jim.na...@bluetreble.com> wrote: >> Why not do what we do for pg_stat_activity.current_query and leave it NULL >> for non-SU? > > If subcriptions are designed to be superuser-only, it seems fair to me > to do so. Some other system SRFs do that already. > >> Even better would be if we could simply strip out password info. Presumably >> we already know how to parse the contents, so I'd think that shouldn't be >> that difficult. > > I thought that this was correctly clobbered... But... No that's not > the case by looking at the code. And honestly I think that it is > unacceptable to show potentially security-sensitive information in > system catalogs via a connection string. We are really careful about > not showing anything bad in pg_stat_wal_receiver, which also sets to > NULL fields for non-superusers and even clobbered values in the > printed connection string for superusers, but pg_subscription fails on > those points. >
I am not following here, pg_subscription is currently superuser only catalog, similarly to pg_user_mapping, there is no leaking. -- Petr Jelinek http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
