On Thu, May 13, 2021 at 1:56 PM torikoshia <torikos...@oss.nttdata.com> wrote:
>
> On 2021-05-13 01:08, Laurenz Albe wrote:
> > On Wed, 2021-05-12 at 18:03 +0530, Bharath Rupireddy wrote:
> >> Since it also shows up the full query text and the plan
> >> in the server log as plain text, there are chances that the sensitive
> >> information might be logged into the server log which is a risky thing
> >> from security standpoint.
>
> Thanks for the notification!
>
> > I think that is irrelevant.
> >
> > A superuser can already set "log_statement = 'all'" to get this.
> > There is no protection from superusers, and it is pointless to require
> > that.
>
> AFAIU, since that discussion is whether or not users other than superusers
> should be given the privilege to execute the backtrace printing function,
> I think it might be applicable to pg_log_current_plan().
>
> Since restricting privilege to superusers is stricter, I'm going to proceed
> as it is for now, but depending on the above discussion, it may be better to
> change it.

Yeah, we can keep it as superuser-only for now. Might be unrelated,
but just for info - there's another thread "Granting control of SUSET
gucs to non-superusers" at [1] discussing the new roles.

[1] - https://www.postgresql.org/message-id/F9408A5A-B20B-42D2-9E7F-49CD3D1547BC%40enterprisedb.com

With Regards,
Bharath Rupireddy.
EnterpriseDB: http://www.enterprisedb.com