Re: who can view pg_stat_activity?

this seems to be a security hole. this means I can see query text for
queries that aren't mine. anyone else concerned?

--cnemelka

On Wed, Feb 7, 2018 at 10:17 AM, Shreeyansh Dba <shreeyansh2014(at)gmail(dot)com>
wrote:

> Hi Mark Steben,
>
> There is no superuser required to view pg_stat_activity, a normal user can
> also view or access.
>
>
> <http://www.shreeyansh.com>
>
> On Wed, Feb 7, 2018 at 10:27 PM, Mark Steben <
> mark(dot)steben(at)drivedominion(dot)com> wrote:
>
>> Good morning,
>>
>> We currently run postgres 9.4. The only way to view the pg_stat_activity
>> view that I can see is that you must be a superuser. I couldn't find
>> anything in the documentation to confirm or refute this. Could you please
>> confirm if this is true or if not, what privileges are required?
>>
>> Thank you for your time.
>>
>>
>> --
>> *Mark Steben*
>> Database Administrator
>> @utoRevenue <http://www.autorevenue.com/> | Autobase
>> <http://www.autobase.net/>
>> CRM division of Dominion Dealer Solutions
>> 95D Ashley Ave.
>> <https://maps.google.com/?q=95D+Ashley+Ave.+West+Springfield,+MA+01089&entry=gmail&source=g>
>> West Springfield, MA 01089
>> <https://maps.google.com/?q=95D+Ashley+Ave.+West+Springfield,+MA+01089&entry=gmail&source=g>
>> t: 413.327-3045
>> f: 413.383-9567
>>
>> www.fb.com/DominionDealerSolutions
>> www.twitter.com/DominionDealer
>> www.drivedominion.com <http://www.autorevenue.com/>
>>
>> <http://autobasedigital.net/marketing/DD12_sig.jpg>
>>
>>
>>
>>
>> <http://www.drivedominion.com/transform-your-vue/>
>
>
>