On 8/1/24 07:17, Laurenz Albe wrote:
> On Wed, 2024-07-31 at 14:43 -0400, Joe Conway wrote:
>> I still maintain that there is a whole host of users that would accept
>> the risk of side channel attacks via existence of an error or not, if
>> they could only be sure nothing sensitive leaks directly into the logs
>> or to the clients. We should give them that choice.
>
> I think that you are right.
thanks
> But what do you tell the users who would not accept that risk?
Document that the option should not be used if that is the case
¯\_(ツ)_/¯
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com