* Robert Haas (robertmhaas@gmail.com) wrote:
> On Mon, Jan 18, 2016 at 4:43 AM, Andres Freund <andres@anarazel.de> wrote:
> > Meh, that seems pretty far into pseudo security arguments.
>
> Yeah, I really don't see anything in the pg_controldata output that
> looks sensitive. The WAL locations are the closest of anything,
> AFAICS.
Heikki already showed how the WAL location information could be
exploited if compression is enabled.
I believe that's something we should care about and fix in one way or
another (my initial approach was using defualt roles, but using the ACL
system and starting out w/ no rights granted to that function also
works).
Thanks!
Stephen