> On 17 Mar 2025, at 16:48, Jacob Champion <jacob.champion@enterprisedb.com> wrote:
>
> On Sun, Mar 16, 2025 at 6:49 AM Daniel Gustafsson <daniel@yesql.se> wrote:
>> IIRC the reasoning has been that if a rogue user can inject an environment
>> variable into your session and read your files it's probably game over anyways.
>
> (Personally I'm no longer as convinced by this line of argument as I
> once was...)
Since there is disagreement over this, we should either 1) go ahead with the
latest patch without an env var and revisit the discussion during v19; 2)
adding the env var back into the patch as PGSSLKEYLOGFILE or; 3) postponing all
of this till v19?
Personally I think this feature has enough value even without the env var to
not postpone it, especially since adding an env var in 19 will still be
backwards compatible. I would go for option 1 to stay on the safe side and
allow time for proper discussion, any other thoughts?
--
Daniel Gustafsson
