Home > mailing lists

Re: exposing pg_controldata and pg_config as functions - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: exposing pg_controldata and pg_config as functions
Date	February 17, 2016 23:03:01
Msg-id	8073.1455750158@sss.pgh.pa.us Whole thread Raw
In response to	Re: exposing pg_controldata and pg_config as functions (Joe Conway <mail@joeconway.com>)
List	pgsql-hackers

Tree view

Joe Conway <mail@joeconway.com> writes:
> On 02/17/2016 02:14 PM, Tom Lane wrote:
>> I thought we'd agreed on requiring superuser access for this function.
>> I concur that letting just anyone see the config data is inappropriate.

> It does not let anyone see config data out of the box:

> + CREATE VIEW pg_config AS
> +     SELECT * FROM pg_config();
> +
> + REVOKE ALL on pg_config FROM PUBLIC;
> + REVOKE EXECUTE ON FUNCTION pg_config() FROM PUBLIC;

Ah, that's fine.  I'd looked for a superuser() check and not seen one,
but letting the SQL permissions system handle it seems good enough.
        regards, tom lane

pgsql-hackers by date:

From: Andrew Dunstan
Date: 17 February 2016, 22:48:36
Subject: Re: exposing pg_controldata and pg_config as functions

From: xujian
Date: 17 February 2016, 23:30:45
Subject: pglogical - how to use pglogical.conflict_resolution

Re: exposing pg_controldata and pg_config as functions - Mailing list pgsql-hackers

Previous

Next