Mark ssl_passphrase_command as GUC_SUPERUSER_ONLY.
author Fujii Masao <fujii@postgresql.org>
Mon, 9 Mar 2020 02:41:31 +0000 (11:41 +0900)
committer Fujii Masao <fujii@postgresql.org>
Mon, 9 Mar 2020 02:41:31 +0000 (11:41 +0900)
This commit changes the GUC ssl_passphrase_command so that
it's examinable by only superuser and a member of pg_read_all_settings.
Per discussion, we determined to do this because the parameter may
contain sensitive information like a passphrase itself.

Author: Insung Moon
Reviewed-by: Keisuke Kuroda
Discussion: https://postgr.es/m/CAEMmqBuHVGayc+QkYKgx3gWSdqwTAQGw+0DYn3WhcX-eNa2ntA@mail.gmail.com

src/backend/utils/misc/guc.c

index dbecc00fef03edfe63e6b37d1a51af0c9d42eff2..c1fad3b3508f0aeb5f423e475180193ccb6b410f 100644 (file)
@@ -4268,7 +4268,8 @@ static struct config_string ConfigureNamesString[] =
    {
        {"ssl_passphrase_command", PGC_SIGHUP, CONN_AUTH_SSL,
            gettext_noop("Command to obtain passphrases for SSL."),
-           NULL
+           NULL,
+           GUC_SUPERUSER_ONLY
        },
        &ssl_passphrase_command,
        "",
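
Review bot: the new GUC_SUPERUSER_ONLY flag on the "ssl_passphrase_command" entry comes with no documentation change; this diff touches only src/backend/utils/misc/guc.c. The commit message says the value becomes examinable only by superusers and members of pg_read_all_settings, so the parameter's documentation should state that restriction. A short comment beside the flag saying that the command string may embed the passphrase itself would record why this entry is flagged. In the same pass it is worth checking whether other string settings that hold commands or credentials should carry the same flag.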