On Sun, Jan 17, 2016 at 12:27 AM, Robert Haas <robertmhaas@gmail.com> wrote:
> On Jan 16, 2016, at 9:08 AM, Michael Paquier <michael.paquier@gmail.com> wrote:
>> Just forgot to mention that those new functions should be superuser-only.
>
> I think nobody should ever say this without explaining why. Superuser restrictions are necessary in some cases, but
thefewer of them we have, the better.
The pg_config functions are giving away information about the system
itself, isn't that potentially sensible? The pg_controdata ones show
up information about checkpoint, recovery etc. There are a couple of
fields that could be made completely visible, like the information
defined when running initdb or how the code is compiled like block
size (not the system ID), but we surely do not want to give away
checkpoint and recovery information.
--
Michael