On 6/30/22 5:23 AM, Bharath Rupireddy wrote:
> <snip>
> On the security aspect, we must ensure we don't leak any sensitive
> information such as password or SSH key to the new hook - if PGPORT
> has this information, maybe we need to mask that structure a bit
> before handing it off to the hook.
Can you elaborate more on why you see this as necessary? Extensions run
in-process and have no real memory access limits, "masking", which
really means copying data to another struct, is just extra work and
overhead with no actual security gain, IMO.