Gregory Stark <stark@enterprisedb.com> writes:
> "Tom Lane" <tgl@sss.pgh.pa.us> writes:
>> One thing that I worried about for a little bit is that you can imagine
>> privilege-escalation scenarios.
> Perhaps we should only do this if the current user's ID is the same as the
> outermost session user's ID?
A conservative approach would be to report the query texts *only* in the
server log and never to the client --- this would need a bit of klugery
but seems doable.
regards, tom lane