Home > mailing lists

Re: Allow pg_read_all_stats to read pg_stat_progress_* - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Allow pg_read_all_stats to read pg_stat_progress_*
Date	April 20, 2020 17:12:11
Msg-id	11247.1587391931@sss.pgh.pa.us Whole thread Raw
In response to	Re: Allow pg_read_all_stats to read pg_stat_progress_* (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Allow pg_read_all_stats to read pg_stat_progress_* (Magnus Hagander <magnus@hagander.net>)
List	pgsql-hackers

Tree view

Stephen Frost <sfrost@snowman.net> writes:
> Ugh.  That doesn't make it correct though..  We really should be using
> has_privs_of_role() for these cases (and that goes for all of the
> default role cases- some of which are correct and others are not, it
> seems).

I have a different concern about this patch: while reading statistical
values is fine, do we REALLY want pg_read_all_stats to enable
pg_stat_get_activity(), ie viewing other sessions' command strings?
That opens security considerations that don't seem to me to be covered
by the description of the role.

            regards, tom lane

pgsql-hackers by date:

From: Antonin Houska
Date: 20 April 2020, 16:56:35
Subject: Re: More efficient RI checks - take 2

From: Magnus Hagander
Date: 20 April 2020, 17:15:10
Subject: Re: Allow pg_read_all_stats to read pg_stat_progress_*

Re: Allow pg_read_all_stats to read pg_stat_progress_* - Mailing list pgsql-hackers

Previous

Next