Home > mailing lists

Permission of prepared statements (was: pg_stat_statements) - Mailing list pgsql-hackers

From	ITAGAKI Takahiro
Subject	Permission of prepared statements (was: pg_stat_statements)
Date	June 16, 2008 08:04:51
Msg-id	20080616162234.752E.52131E4D@oss.ntt.co.jp Whole thread Raw
In response to	Re: pg_stat_statements (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane <tgl@sss.pgh.pa.us> wrote:

> We don't have any system-wide names for statements, so this seems
> pretty ill-defined and of questionable value.  Showing the text of
> statements in a view also has security problems.

I found we can execute prepared statements and view the sql source through
pg_prepared_statements even after we execute SET SESSION AUTHORIZATION.
Is this an expected behavior?

It is not a problem in normal use because the *real* user is same
before and after changing ROLEs, but we should be careful about
sharing connections between different users in connection pooling.
Almost connection poolings don't do that, though.

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center

pgsql-hackers by date:

From: Andrew Sullivan
Date: 16 June 2008, 07:21:06
Subject: Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

From: Peter Eisentraut
Date: 16 June 2008, 09:39:12
Subject: Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

Permission of prepared statements (was: pg_stat_statements) - Mailing list pgsql-hackers

Previous

Next