pg_stat_replication security - Mailing list pgsql-hackers

From Magnus Hagander
Subject pg_stat_replication security
Date
Msg-id AANLkTinzW8H22DAUsEdCbNR+sHOiSOe3THOXXwgaYO5z@mail.gmail.com
Responses Re: pg_stat_replication security  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
pg_stat_replication shows all replication information to all users, no
requirement to be a superuser or anything. That leaks a bunch of
information that regular pg_stat_activity doesn't - such as clients' IP
addresses. And also of course all the replication info itself, which
may or may not be a problem.

I suggest pg_stat_replication do just like pg_stat_activity, which is
to return NULL in most fields if the user isn't
(superuser||same_user_as_that_session).


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
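
The visibility rule proposed in the message above, modelled as an added example that is not part of the original post and not PostgreSQL source code. The column names other than the client address, the sample rows, and the choice of which columns stay visible to everyone are assumptions, since the message only says "most fields".

```python
from dataclasses import dataclass

# Assumption: these identifying columns stay visible to everyone; the message
# only says "most fields" are NULLed, without listing them.
ALWAYS_VISIBLE = {"procpid", "usename"}

@dataclass(frozen=True)
class Viewer:
    name: str
    superuser: bool = False

def may_see(viewer, row):
    """The (superuser || same_user_as_that_session) test from the message."""
    return viewer.superuser or viewer.name == row["usename"]

def view_rows(viewer, rows, masked=True):
    """Return the rows as `viewer` would see them.

    masked=False models the behaviour the message reports (everything shown);
    masked=True models the proposed behaviour (NULL unless may_see).
    """
    out = []
    for row in rows:
        if not masked or may_see(viewer, row):
            out.append(dict(row))
        else:
            out.append({k: (v if k in ALWAYS_VISIBLE else None) for k, v in row.items()})
    return out

def exposed(viewer, rows, masked=True):
    """Sorted (procpid, column) pairs of other users' data visible to `viewer`."""
    return sorted(
        (seen["procpid"], col)
        for seen in view_rows(viewer, rows, masked)
        if seen["usename"] != viewer.name
        for col, val in seen.items()
        if col not in ALWAYS_VISIBLE and val is not None
    )

# Constructed sample rows (hypothetical column set and invented values).
ROWS = [
    {"procpid": 4101, "usename": "repl", "client_addr": "192.0.2.10", "state": "streaming"},
    {"procpid": 4102, "usename": "backup", "client_addr": "192.0.2.11", "state": "catchup"},
]

if __name__ == "__main__":
    for viewer in (Viewer("app"), Viewer("repl"), Viewer("postgres", superuser=True)):
        print(viewer.name, "unmasked:", exposed(viewer, ROWS, masked=False))
        print(viewer.name, "masked:  ", exposed(viewer, ROWS, masked=True))
```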

