pg_stat_monitor

Non-generalised query items should not be visible to non-super user

Open dutow opened this issue 2 years ago • 0 comments

This is a security threat: a non-super user can see the user data using pg_stat_monitor. For example:

SELECT id, Name from cards where card_no like "1235-1253-3735-2674";

pg_stat_statements and pg_stat_monitor (Generalized mode) show this: SELECT id, Name from cards where card_no like "?";

But in the non-generalized option, pg_stat_monitor will show the original data.

SELECT id, Name from cards where card_no like "1235-1253-3735-2674";

https://jira.percona.com/browse/PG-565

dutow, Jul 17 '23 08:07
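An audit for the exposure described in this issue, as an added example that is not part of the issue or of the pg_stat_monitor project. It assumes the extension's `pg_stat_monitor` view is on the current search_path, that `pg_stat_monitor.pgsm_normalized_query` is the setting behind the "generalized" mode the issue refers to, and that it is run as a superuser; the role name `monitoring_ro` is hypothetical.

```sql
-- 1. Is query text stored in generalized (normalized) form?
--    "off" means literals such as the card number are kept verbatim.
SHOW pg_stat_monitor.pgsm_normalized_query;

-- 2. Which login roles that are not superusers can read the view?
--    has_table_privilege() also accounts for grants made to PUBLIC.
SELECT r.rolname,
       pg_has_role(r.oid, 'pg_read_all_stats', 'MEMBER') AS reads_all_stats
FROM   pg_roles AS r
WHERE  r.rolcanlogin
  AND  NOT r.rolsuper
  AND  has_table_privilege(r.rolname, 'pg_stat_monitor', 'SELECT')
ORDER  BY r.rolname;

-- 3. Heuristic: how many stored entries still carry a quoted string
--    literal? The pattern is '[^']*' with the quotes doubled for SQL.
SELECT count(*) AS entries_with_string_literals
FROM   pg_stat_monitor
WHERE  query ~ '''[^'']*''';

-- 4. One possible restriction while non-generalized mode is in use
--    (assumption: monitoring reads go through a dedicated role).
-- REVOKE SELECT ON pg_stat_monitor FROM PUBLIC;
-- GRANT  SELECT ON pg_stat_monitor TO monitoring_ro;
```

A non-empty result from step 2 together with "off" in step 1 is the combination the issue describes.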