Mark ssl_passphrase_command as GUC_SUPERUSER_ONLY.

This commit changes the GUC ssl_passphrase_command so that it's examinable by only superuser and a member of pg_read_all_settings. Per discussion, we determined to do this because the parameter may contain a sensitive informtaion like a passphrase itself. Author: Insung Moon Reviewed-by: Keisuke Kuroda Discussion: https://postgr.es/m/CAEMmqBuHVGayc+QkYKgx3gWSdqwTAQGw+0DYn3WhcX-eNa2ntA@mail.gmail.com
author: Fujii Masao <fujii@postgresql.org> 2020-03-09 11:41:31 +0900
committer: Fujii Masao <fujii@postgresql.org> 2020-03-09 11:41:31 +0900
commit: d9249441efc5b4adc5b1a71f3d16538c68e198fc (patch)
tree: 7a314841312467c1692450c0ff9c9e7c885d5904
parent: 5aaa584f819e2d8d2fb23cdf2174ce6e5628e1f5 (diff)
download: postgresql-d9249441efc5b4adc5b1a71f3d16538c68e198fc.tar.gz
postgresql-d9249441efc5b4adc5b1a71f3d16538c68e198fc.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index dbecc00fef0..c1fad3b3508 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -4268,7 +4268,8 @@ static struct config_string ConfigureNamesString[] =
 	{
 		{"ssl_passphrase_command", PGC_SIGHUP, CONN_AUTH_SSL,
 			gettext_noop("Command to obtain passphrases for SSL."),
-			NULL
+			NULL,
+			GUC_SUPERUSER_ONLY
 		},
 		&ssl_passphrase_command,
 		"",
author	Fujii Masao <fujii@postgresql.org>	2020-03-09 11:41:31 +0900
committer	Fujii Masao <fujii@postgresql.org>	2020-03-09 11:41:31 +0900
commit	d9249441efc5b4adc5b1a71f3d16538c68e198fc (patch)
tree	7a314841312467c1692450c0ff9c9e7c885d5904
parent	5aaa584f819e2d8d2fb23cdf2174ce6e5628e1f5 (diff)
download	postgresql-d9249441efc5b4adc5b1a71f3d16538c68e198fc.tar.gz postgresql-d9249441efc5b4adc5b1a71f3d16538c68e198fc.zip