Re: exposing pg_controldata and pg_config as functions

On January 18, 2016 11:10:35 PM GMT+01:00, Stephen Frost <sfrost@snowman.net> wrote:
>* Robert Haas (robertmhaas@gmail.com) wrote:
>> On Mon, Jan 18, 2016 at 4:43 AM, Andres Freund <andres@anarazel.de>
>wrote:
>> > Meh, that seems pretty far into pseudo security arguments.
>> 
>> Yeah, I really don't see anything in the pg_controldata output that
>> looks sensitive.  The WAL locations are the closest of anything,
>> AFAICS.
>
>Heikki already showed how the WAL location information could be
>exploited if compression is enabled.
>
>I believe that's something we should care about and fix in one way or
>another (my initial approach was using defualt roles, but using the ACL
>system and starting out w/ no rights granted to that function also
>works).

Sure. But it's pointless to make things more complicated when there's functions providing equivalent information
already.

--- 
Please excuse brevity and formatting - I am writing this on my mobile phone.