On Mon, Jan 18, 2016 at 7:42 PM, Michael Paquier
<michael.paquier@gmail.com> wrote:
>> Yeah, I really don't see anything in the pg_controldata output that
>> looks sensitive. The WAL locations are the closest of anything,
>> AFAICS.
>
> The system identifier perhaps? I honestly don't have on top of my head
> a way to exploit this information but leaking that at SQL level seems
> sensible: that's a unique identifier of a Postgres instance used when
> setting up a cluster after all.
I think you are confusing useful information with security-sensitive
information. The system identifier may be useful, but if you can't
use it to compromise something, it's not security-sensitive.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company