| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Matheus Alcantara <matheusssilv97(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Redact user password on pg_stat_statements |
| Date: | 2025-02-24 16:04:36 |
| Message-ID: | 9e4975ae-6c51-4307-a273-16fe5c033b15@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 21.02.25 17:38, Andrew Dunstan wrote:
> I don't think this is such a terrible kluge. I think it's different from
> the server log case, which after all requires access to the server file
> system to exploit.
To me, the mechanism by which this patch works is completely nonobvious
and coincidental, and it might get broken by unrelated changes.
I think a possible, more robust approach would be to put a field, say,
security_sensitive into DefElem (or maybe a higher node, maybe even
Query), and drive decisions from that.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Jackson | 2025-02-24 16:07:33 | Re: Add Option To Check All Addresses For Matching target_session_attr |
| Previous Message | Andres Freund | 2025-02-24 15:50:21 | Re: GetRelationPath() vs critical sections |