Hi,
On 2019-01-31 16:13:22 +0300, Sergei Kornilov wrote:
> Hello
>
> Yeah, we have no consensus.
>
Are you planning to update the patch? Given there's not been much
progress here, I think we ough tot mark the CF entry as returned with
feedback for now.
> Another open question is about logging new primary_conninfo:
> > LOG: parameter "primary_conninfo" changed to "host=/tmp port=5432 password=hoge"
>
> I my opinion this is not issue, database logs can have sensitive data. User queries, for example.
> If we not want expose such info - it is ok just hide new value from logs with new GUC flag? Or i need implement
maskedconninfo for this purpose?
I agree that this doesn't need to be solved as part of this patch. Given
the config is in the conf file, I don't think it's meaningful to hide
this from the log. If necessary one can use client certs, service files,
etc.
Greetings,
Andres Freund