On 19/02/17 00:02, Michael Paquier wrote:
> On Sat, Feb 18, 2017 at 11:57 PM, Petr Jelinek
> <petr.jelinek@2ndquadrant.com> wrote:
>> On 15/02/17 05:56, Michael Paquier wrote:
>>> I thought that this was correctly clobbered... But... No that's not
>>> the case by looking at the code. And honestly I think that it is
>>> unacceptable to show potentially security-sensitive information in
>>> system catalogs via a connection string. We are really careful about
>>> not showing anything bad in pg_stat_wal_receiver, which also sets to
>>> NULL fields for non-superusers and even clobbered values in the
>>> printed connection string for superusers, but pg_subscription fails on
>>> those points.
>>>
>>
>> I am not following here, pg_subscription is currently superuser only
>> catalog, similarly to pg_user_mapping, there is no leaking.
>
> Even if it is a superuser-only view, pg_subscription does not hide
> sensitive values in connection strings while it should. See similar
It's not a view it's system catalog which actually stores the data, how
would it hide anything?
-- Petr Jelinek http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training &
Services