Re: Exposure related to GUC value of ssl_passphrase_command

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: Exposure related to GUC value of ssl_passphrase_command
Дата
Msg-id 20200213033834.GC1520@paquier.xyz
обсуждение исходный текст
Ответ на Re: Exposure related to GUC value of ssl_passphrase_command  (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
Ответы Re: Exposure related to GUC value of ssl_passphrase_command  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Список pgsql-hackers
On Thu, Feb 13, 2020 at 11:28:05AM +0900, Kyotaro Horiguchi wrote:
> I think it is reasonable.

Indeed, that makes sense to me as well.  I am adding Peter Eisentraut
in CC as the author/committer of 8a3d942 to comment on that.

> By the way, I'm not sure the criteria of setting a GUC variable as
> GUC_SUPERUSER_ONLY, but for example, ssl_max/min_protocol_version,
> dynamic_library_path, log_directory, krb_server_keyfile,
> data_directory and config_file are GUC_SUPERUSER_ONLY. So, it seems to
> me very strange that ssl_*_file are not. Don't we need to mark them
> maybe and some of the other ssl_* as the same?

This should be a separate discussion IMO.  Perhaps there is a point in
softening or hardening some of them.
--
Michael

Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Michael Paquier
Дата:
Сообщение: Re: Wait event that should be reported while waiting for WALarchiving to finish
Следующее
От: Michael Paquier
Дата:
Сообщение: Re: Unicode normalization SQL functions