On 02/17/2016 05:14 PM, Tom Lane wrote:
Peter Eisentraut <pete...@gmx.net> writes:
On 2/17/16 12:15 PM, Joe Conway wrote:
Ok, removed the documentation on the function pg_config() and pushed.
I still have my serious doubts about this, especially not even requiring
superuser access for this information. Could someone explain why we
need this?
I thought we'd agreed on requiring superuser access for this function.
I concur that letting just anyone see the config data is inappropriate.
I'm in favor, and don't really want to rehearse the argument. But I
think I can live quite happily with it being superuser only. It's pretty
hard to argue that exposing it to a superuser creates much risk, ISTM.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
