On 02/17/2016 05:14 PM, Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
>> On 2/17/16 12:15 PM, Joe Conway wrote:
>>> Ok, removed the documentation on the function pg_config() and pushed.
>> I still have my serious doubts about this, especially not even requiring
>> superuser access for this information. Could someone explain why we
>> need this?
> I thought we'd agreed on requiring superuser access for this function.
> I concur that letting just anyone see the config data is inappropriate.
>
>
I'm in favor, and don't really want to rehearse the argument. But I
think I can live quite happily with it being superuser only. It's pretty
hard to argue that exposing it to a superuser creates much risk, ISTM.
cheers
andrew