On 8/1/24 07:17, Laurenz Albe wrote:
On Wed, 2024-07-31 at 14:43 -0400, Joe Conway wrote:
I still maintain that there is a whole host of users that would accept
the risk of side channel attacks via existence of an error or not, if
they could only be sure nothing sensitive leaks directly into the logs
or to the clients. We should give them that choice.
I think that you are right.
thanks
But what do you tell the users who would not accept that risk?
Document that the option should not be used if that is the case
¯\_(ツ)_/¯
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
