Skip to content

Commit d924944

Browse files
MasaoFujiiMasaoFujii
committed
Mark ssl_passphrase_command as GUC_SUPERUSER_ONLY.
This commit changes the GUC ssl_passphrase_command so that it's examinable by only superuser and a member of pg_read_all_settings. Per discussion, we determined to do this because the parameter may contain a sensitive informtaion like a passphrase itself. Author: Insung Moon Reviewed-by: Keisuke Kuroda Discussion: https://postgr.es/m/CAEMmqBuHVGayc+QkYKgx3gWSdqwTAQGw+0DYn3WhcX-eNa2ntA@mail.gmail.com
1 parent 5aaa584 commit d924944

File tree

1 file changed

+2
-1
lines changed
  • src/backend/utils/misc

1 file changed

+2
-1
lines changed

src/backend/utils/misc/guc.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4268,7 +4268,8 @@ static struct config_string ConfigureNamesString[] =
42684268
{
42694269
{"ssl_passphrase_command", PGC_SIGHUP, CONN_AUTH_SSL,
42704270
gettext_noop("Command to obtain passphrases for SSL."),
4271-
NULL
4271+
NULL,
4272+
GUC_SUPERUSER_ONLY
42724273
},
42734274
&ssl_passphrase_command,
42744275
"",

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy