| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com>, Álvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
| Subject: | Re: Adding support for SSLKEYLOGFILE in the frontend |
| Date: | 2025-04-14 20:16:38 |
| Message-ID: | E773D865-F919-4D5B-A248-57A1092E7B28@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 9 Apr 2025, at 20:45, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
>> On 9 Apr 2025, at 20:41, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>>
>> Hello,
>>
>> On Thu, Apr 3, 2025 at 8:51 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>>> Committed, after another round of testing and looking.
>>
>> I think we may want to consider marking sslkeylogfile as a debug
>> option (that is, opt->dispchar = "D") in fe-connect.c. Besides being a
>> true "debug option", this would also prevent a relatively unprivileged
>> user of postgres_fdw or dblink from logging the backend connection's
>> keys. WDYT?
>
> I think that sounds like a good idea, unless anyone thinks otherwise I'll go
> ahead and make it so.
Just to close the loop, this was done yesterday as 2970c75dd982.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2025-04-14 20:17:13 | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Previous Message | Andrew Dunstan | 2025-04-14 20:14:37 | Re: pgsql: Non text modes for pg_dumpall, correspondingly change pg_restore |