Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Peter is also concerned if allowing clients to see elog() messages is a
> security problem. Clients can't see postmaster messages because there
> is no client at the time, but backend messages will be visible. I can't
> think of any server log messages that shouldn't be seen by the client.
The only thing I can think of is the detailed authorization-failure
messages that the postmaster has traditionally logged but not sent to
the client. We need to be sure that the client cannot change that
behavior by setting PGOPTIONS. I *think* this is OK, since client
options aren't processed till after the auth cycle finishes --- but
check it. If you are using IsUnderPostmaster to control things then
you might have a problem, because that gets set too soon.
regards, tom lane
