Quick Links

pg_stat_replication security

From:	Magnus Hagander <magnus(at)hagander(dot)net>
To:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	pg_stat_replication security
Date:	2011-01-16 14:35:34
Message-ID:	AANLkTinzW8H22DAUsEdCbNR+sHOiSOe3THOXXwgaYO5z@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

pg_stat_replication shows all replication information to all users, no
requirement to be a superuser or anything. That leaks a bunch of
information that regular pg_stat_activity doesn't - such as clients IP
addresses. And also of course all the replication info itself, which
may or may not be a problem.

I suggest pg_stat_replication do just like pg_stat_activity, which is
return NULL in most fields if the user isn't
(superuser||same_user_as_that_session).

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Responses

Re: pg_stat_replication security at 2011-01-16 20:51:56 from Josh Berkus

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Magnus Hagander	2011-01-16 14:41:14	walreceiver fallback_application_name
Previous Message	Magnus Hagander	2011-01-16 14:31:50	Re: pg_basebackup for streaming base backups