| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tatsuo Ishii <ishii(at)postgresql(dot)org>, Vik Fearing <vik(at)2ndquadrant(dot)fr>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: primary_conninfo missing from pg_stat_wal_receiver |
| Date: | 2016-06-29 22:54:37 |
| Message-ID: | 17523.1467240877@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> On Thu, Jun 30, 2016 at 6:47 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> It strikes me that keeping a password embedded in the conninfo from being
>> exposed might be quite a bit harder/riskier if it became a GUC. Something
>> to keep in mind if we ever try to make that change ...
> Exposing it in memory for a long time is an issue even if we have a
> new GUC-flag to obfuscate the value in some cases..
Well, mumble ... I'm having a hard time understanding the threat model
we're guarding against there. An attacker who can read process memory
can probably read the config file too. I don't mind getting rid of the
in-memory copy if it's painless to do so, but I doubt that it's worth
any large amount of effort.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-06-29 22:56:30 | Re: initdb issue on 64-bit Windows - (Was: [pgsql-packagers] PG 9.6beta2 tarballs are ready) |
| Previous Message | Craig Ringer | 2016-06-29 22:45:36 | Re: Improving executor performance |