Sunday, June 15, 2008

Re: [HACKERS] pg_stat_statements

Tom Lane <tgl@sss.pgh.pa.us> wrote:

> ITAGAKI Takahiro <itagaki.takahiro@oss.ntt.co.jp> writes:
> > Postgres 8.4 has pg_stat_user_functions view to track number of calls
> > of stored functions and time spent in them. Then, I'm thinking a
> > "sql statement" version of similar view -- pg_stat_statements.
>
> We don't have any system-wide names for statements, so this seems
> pretty ill-defined and of questionable value. Showing the text of
> statements in a view also has security problems.

Thanks. I see I have to consider security problems in whatever way I can.

I'm thinking to use hash values as system-wide IDs. Users who don't have
permissions can only see those meaningless values. SQL strings will be
hidden just same as pg_stat_activity.

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

No comments: