Re: elog() patch

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Peter is also concerned if allowing clients to see elog() messages is a
> security problem.  Clients can't see postmaster messages because there
> is no client at the time, but backend messages will be visible.  I can't
> think of any server log messages that shouldn't be seen by the client. 

The only thing I can think of is the detailed authorization-failure
messages that the postmaster has traditionally logged but not sent to
the client.  We need to be sure that the client cannot change that
behavior by setting PGOPTIONS.  I *think* this is OK, since client
options aren't processed till after the auth cycle finishes --- but
check it.  If you are using IsUnderPostmaster to control things then
you might have a problem, because that gets set too soon.
        regards, tom lane