database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-24 10:47:04 +03:00
Code

Mark ssl_passphrase_command as GUC_SUPERUSER_ONLY.

Browse Source 
This commit changes the GUC ssl_passphrase_command so that
it's examinable by only superuser and a member of pg_read_all_settings.
Per discussion, we determined to do this because the parameter may
contain a sensitive informtaion like a passphrase itself.

Author: Insung Moon
Reviewed-by: Keisuke Kuroda
Discussion: https://postgr.es/m/CAEMmqBuHVGayc+QkYKgx3gWSdqwTAQGw+0DYn3WhcX-eNa2ntA@mail.gmail.com
This commit is contained in:
Fujii Masao 2020-03-09 11:41:31 +09:00
parent 5aaa584f81
commit d9249441ef
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/utils/misc/guc.c
View File

@ -4268,7 +4268,8 @@ static struct config_string ConfigureNamesString[] =
{ {
{"ssl_passphrase_command", PGC_SIGHUP, CONN_AUTH_SSL, {"ssl_passphrase_command", PGC_SIGHUP, CONN_AUTH_SSL,
gettext_noop("Command to obtain passphrases for SSL."), gettext_noop("Command to obtain passphrases for SSL."),
NULL NULL,
GUC_SUPERUSER_ONLY
}, },
&ssl_passphrase_command, &ssl_passphrase_command,
"", "",