Re: [PATCH] pgpassfile connection option - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: [PATCH] pgpassfile connection option
Msg-id 20161120000405.GE13284@tamriel.snowman.net
In response to Re: [PATCH] pgpassfile connection option  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
All,

* Robert Haas (robertmhaas@gmail.com) wrote:
> You could do something like that, I guess, but I think it might be a
> good idea to wait and see if anyone else has opinions on (1) the
> desirability of the basic feature, (2) the severity of the security
> hazard it creates, and (3) your proposed remediation method.
[...]
> Hey, everybody: chime in here...

The feature strikes me as pretty reasonable to have and the pghoard
example shows that it can be quite handy in some circumstances.  I don't
see much merit behind the security concern raised - the file in question
would have to have the correct format and you would have to be
connecting to a system listed in that file for any disclosure to happen,
no?  As such, I don't know that any remediation is necessary for this.

Thanks!

Stephen
