Re: Adding support for SSLKEYLOGFILE in the frontend

> On 17 Mar 2025, at 16:48, Jacob Champion <jacob.champion@enterprisedb.com> wrote:
>
> On Sun, Mar 16, 2025 at 6:49 AM Daniel Gustafsson <daniel@yesql.se> wrote:
>> IIRC the reasoning has been that if a rogue user can inject an environment
>> variable into your session and read your files it's probably game over anyways.
>
> (Personally I'm no longer as convinced by this line of argument as I
> once was...)

Since there is disagreement over this, we should either 1) go ahead with the
latest patch without an env var and revisit the discussion during v19; 2)
adding the env var back into the patch as PGSSLKEYLOGFILE or; 3) postponing all
of this till v19?

Personally I think this feature has enough value even without the env var to
not postpone it, especially since adding an env var in 19 will still be
backwards compatible.  I would go for option 1 to stay on the safe side and
allow time for proper discussion, any other thoughts?

--
Daniel Gustafsson