Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1ryDe8-00F7eE-7I
	for pgsql-general@arkaria.postgresql.org; Sat, 20 Apr 2024 16:33:00 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1ryDe6-00B4fG-4e
	for pgsql-general@arkaria.postgresql.org; Sat, 20 Apr 2024 16:32:58 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1ryDe5-00B4f8-4E
	for pgsql-general@lists.postgresql.org; Sat, 20 Apr 2024 16:32:57 +0000
Received: from wfhigh2-smtp.messagingengine.com ([64.147.123.153])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1ryDe1-0020JX-EV
	for pgsql-general@lists.postgresql.org; Sat, 20 Apr 2024 16:32:56 +0000
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailfhigh.west.internal (Postfix) with ESMTP id 8CF0D18000B4;
	Sat, 20 Apr 2024 12:32:48 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute5.internal (MEProxy); Sat, 20 Apr 2024 12:32:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h=
	cc:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1713630768;
	 x=1713717168; bh=9OKT5EEO0bkj2nwpNayoD8S0I03fKUOuUyN+VxVLxNo=; b=
	fbBD80FbW+z0SgRk8BLJD45izwt0Q3E31hTu3o08vyP1B/KDAke2YRvxm/Mi9bf/
	yuuIu9s9wrzyXm4q1n7MeO6cxM2/DAkxHfIqYIX5YYUaLNQN/zyAu0CzasDWmcXH
	FxAKDUPaQCMRnFO8kYi56y+wvPNLDb1VItGeAZtCKoNuh4hcieXd5YWcqthJXrY1
	wWnHE4j23o5avY53H22e3l+wUf5cAynCfLXh0xBTk8G3qoT2JzMbfTofBv1So6+a
	KBkRHU8Fm645FtEFmiBXqZw5Mswc1rLiyEcveFefip8ahaPfsvFZjIsRh41uoQeC
	2yX3cx5T9WNLgTsTnjwjjA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1713630768; x=
	1713717168; bh=9OKT5EEO0bkj2nwpNayoD8S0I03fKUOuUyN+VxVLxNo=; b=k
	Dc8pXnD7+jMkf5wSOImAqIfIDIg/Jyqf/9hDslOgzUJKZEiRNJOEprcYW5VXdSXa
	RioiHkNmq9llPlB/mTi9HOtJ7oH/I9FW1Zc5M2NKilOT1HJub1F7w6aKt+uHD7I9
	SJetnv4rRos6eoN4bWVqHp25RP7RYDxupEi2Bn8dZDCdgiT32XL6H2WvUg9AI6kg
	dv6pTmfDBEhNqsmsOTJUBO5As9kmQpKRi+YTH+/m0yXEhOkebvTt12LppRdkJELZ
	R+xp8af7OgjmX688suGvQqDJ7NfLiZcTF4tjdvb+dt1CMFyv91+LGCFrrwAgH6RT
	JmSGXTK+x2VbLXkkRk4aQ==
X-ME-Sender: <xms:L-4jZqu9sfCMaKXH5VUIeJfZTad4UssoXbL_PdFZEyJiG1cjouFg4A>
    <xme:L-4jZvd_r5fNIamiyv74Udxw4sFLybLaN0hzputZNOHvF9xrHyI4zotlNquEb-ql8
    hhhh2DLQGMB1AQ>
X-ME-Received: <xmr:L-4jZly-xWODw1Dbvbyya92vvwzac0lfsW3jQ2ODVNa7RfEufqsssbd5chmiLVMFqjpkQWBC7qthqcCojT5ZOyr6balnEw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudekgedguddtvdcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuffvfhfhjggtgfesth
    ekredttddvjeenucfhrhhomheptegurhhirghnucfmlhgrvhgvrhcuoegrughrihgrnhdr
    khhlrghvvghrsegrkhhlrghvvghrrdgtohhmqeenucggtffrrghtthgvrhhnpeelgeevke
    ekkeeuiefgtdevieeluefhfedufeetkeejffekjeeujeehgeehgeektdenucffohhmrghi
    nhepphhoshhtghhrvghsqhhlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrg
    hrrghmpehmrghilhhfrhhomheprggurhhirghnrdhklhgrvhgvrhesrghklhgrvhgvrhdr
    tghomh
X-ME-Proxy: <xmx:L-4jZlMh7K2K77CAYrZULHH-PfW6lGpKi4WQ14tsQo_1MA_yn6jdog>
    <xmx:L-4jZq-GQiIb5FGbQrzu0_USPWYGs194BUJyNCLJjbkOS2SE5ejsDg>
    <xmx:L-4jZtUuj8fWYZUFGaLmo7CZOBQrMHlkgpMuHwLT5WKrvcdkq9b_SA>
    <xmx:L-4jZjfgA_EfNOx633KLPf2Ye_RaPSZz1yZR2tciLZ7Y1CymjcfK2A>
    <xmx:MO4jZsIaUKEyAZXzjcbs0LG-XMaBFG86MphDAESp56ofvqkqR0uBXgEl>
Feedback-ID: i76984098:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat,
 20 Apr 2024 12:32:47 -0400 (EDT)
Message-ID: <b924d999-d63a-438f-95de-d08da4905bd1@aklaver.com>
Date: Sat, 20 Apr 2024 09:32:46 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Logging statement having any threat?
To: Lok P <loknath.73@gmail.com>,
 pgsql-general <pgsql-general@lists.postgresql.org>
References: <CAKna9VZZuGwejSd+u9gQ7WobDYDcip+2Ua5e67sKA-Wgah=7Wg@mail.gmail.com>
Content-Language: en-US
From: Adrian Klaver <adrian.klaver@aklaver.com>
In-Reply-To: <CAKna9VZZuGwejSd+u9gQ7WobDYDcip+2Ua5e67sKA-Wgah=7Wg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/b924d999-d63a-438f-95de-d08da4905bd1%40aklaver.com>
Precedence: bulk

On 4/20/24 07:02, Lok P wrote:
> Hello All,
> Its postgres version 15.4 and its RDS, in which our dev team gets the 
> infrastructure code from another third party team which provides us base 
> infrastructure code to build a postgres database, in which we will be 
> able to do change DB parameter values etc whatever is mentioned in the 
> file with possible values. But surprisingly we don't see log_statement 
> there. Below was our requirement,
> 
> For debugging and evaluating performance we were having 
> pg_stat_statements but it contains aggregated information about all the 
> query execution. But in case just want to debug any point in time issues 
> where the selected few queries were performing bad (may be because of 
> plan change), we were planning to have the auto_explain extension added 
> and set the log_min_duration to ~5 seconds, So that, all the queries 
> going above that time period(5 seconds) will be logged and provide 
> detailed information on the exact point of bottleneck. But we see the 
> log_statement parameter has been removed from the base infrastructure 
> script/terraform script given by the database team here, so that means 
> we will get it as default which is "NONE", which means no 
> statement(SELECT/DML/DDL etc) can be logged.

Have you tried?:

https://www.postgresql.org/docs/current/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT

"
log_statement (enum)

   <...>

The default is none. Only superusers and users with the appropriate SET 
privilege can change this setting.
"

Or

https://www.postgresql.org/docs/current/functions-admin.html#FUNCTIONS-ADMIN-SET

set_config ( setting_name text, new_value text, is_local boolean ) → text


> 
> Now when we reach out to the infrastructure team , they are saying these 
> variables(pg_cluster_log_statement,pg_instance_log_statement) were 

Where are those variables coming from? I can not find them in RDS or 
Terraform docs.

> removed due to potential security threat. So I want to understand from 
> experts here , how this is really a security threat and if any option to 
> get this logging enabled (which will help us debug performance issues) 
> at same time addressing the threat too?
> 
> Regards
> Lok

-- 
Adrian Klaver
adrian.klaver@aklaver.com