| From: | Don Seiler <don(at)seiler(dot)us> |
|---|---|
| To: | Cory Nemelka <cnemelka(at)gmail(dot)com> |
| Cc: | Shreeyansh Dba <shreeyansh2014(at)gmail(dot)com>, Mark Steben <mark(dot)steben(at)drivedominion(dot)com>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: who can view pg_stat_activity? |
| Date: | 2018-02-07 17:37:48 |
| Message-ID: | CAHJZqBDPCQ+9WahY4mpo98zXhf6UV1N1C61-D=5f5x0i4P52GQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Wed, Feb 7, 2018 at 11:34 AM, Cory Nemelka <cnemelka(at)gmail(dot)com> wrote:
> this seems to be a security hole. this means I can see query text for
> queries that aren't mine. anyone else concerned?
>
> --cnemelka
>
> On Wed, Feb 7, 2018 at 10:17 AM, Shreeyansh Dba <shreeyansh2014(at)gmail(dot)com>
> wrote:
>
>> Hi Mark Steben,
>>
>> There is no superuser required to view pg_stat_activity, a normal user
>> can also view or access.
>>
>
I believe Shreeyansh is incorrect. You can view some fields as a normal
user but you can't view query text (in addition to some others) unless you
are superuser, or perhaps the new monitoring role in Pg10.
Don.
--
Don Seiler
www.seiler.us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Cory Nemelka | 2018-02-07 17:38:47 | Re: who can view pg_stat_activity? |
| Previous Message | Cory Nemelka | 2018-02-07 17:34:06 | Re: who can view pg_stat_activity? |