Re: Information of pg_stat_ssl visible to all users

On 8/31/15 9:13 AM, Andres Freund wrote:
> I'm just saying that we should strive to behave at least somewhat
> consistently, and change everything at once, not piecemal. Because the
> latter will not decrease the pain of migrating to a new model in a
> relevant way while making the system harder to understand.

Well, we already hide a fair chunk of information from pg_stat_activity
from unprivileged users, including everything related to the connection
origin of other users.  So from that precedent, the entire SSL
information ought to be considered privileged.