On Thu, Jun 30, 2016 at 2:50 AM, Alvaro Herrera
<alvherre@2ndquadrant.com> wrote:
> Fujii Masao wrote:
>> On Wed, Jun 29, 2016 at 12:23 PM, Alvaro Herrera
>> <alvherre@2ndquadrant.com> wrote:
>> > Michael Paquier wrote:
>> >> On Wed, Jun 29, 2016 at 6:42 AM, Alvaro Herrera
>> >> <alvherre@2ndquadrant.com> wrote:
>> >
>> >> > I have already edited the patch following some of these ideas. Will
>> >> > post a new version later.
>> >>
>> >> Cool, thanks.
>> >
>> > Here it is. I found it was annoying to maintain the function return
>> > tupdesc in two places (pg_proc.h and the function code itself), so I
>> > changed that too.
>>
>> ISTM that pg_stat_wal_receiver can return the security-sensitive fields
>> if it's viewed before walreceiver overwrites the conninfo in the shared memory
>> with the obfuscated one.
>
> Hmm, ouch. Maybe we can set a flag once the conninfo has been
> obfuscated, and put the function to sleep until the flag is set.
Or what about making walreceiver instead of startup process read
primary_conninfo from the file?
Regards,
--
Fujii Masao