pg_stat_replication security - Mailing list pgsql-hackers

From Magnus Hagander
Subject pg_stat_replication security
Date
Msg-id AANLkTinzW8H22DAUsEdCbNR+sHOiSOe3THOXXwgaYO5z@mail.gmail.com
Whole thread Raw
Responses Re: pg_stat_replication security
List pgsql-hackers
pg_stat_replication shows all replication information to all users, no
requirement to be a superuser or anything. That leaks a bunch of
information that regular pg_stat_activity doesn't - such as clients IP
addresses. And also of course all the replication info itself, which
may or may not be a problem.

I suggest pg_stat_replication do just like pg_stat_activity, which is
return NULL in most fields if the user isn't
(superuser||same_user_as_that_session).


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: pg_basebackup for streaming base backups
Next
From: Magnus Hagander
Date:
Subject: walreceiver fallback_application_name