| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | raghavendra(dot)rao(at)enterprisedb(dot)com |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #8438: Usage of Pipe operator in Windows(CMD.exe) shows the password typed with any PG utility. |
| Date: | 2014-02-01 03:47:58 |
| Message-ID: | 20140201034758.GG31141@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Fri, Sep 6, 2013 at 05:35:57AM +0000, raghavendra(dot)rao(at)enterprisedb(dot)com wrote:
> I have PostgreSQL 9.2 instance on Windows 7 running in MD5 authentication
> mode. Anytime I connect I need to pass the password for connection. When I
> try to connect from command prompt using PIPE ('|") operator; and the
> password I type is visible(shown) instead of hiding it. For example in
> linux, any password typed when prompted will not show it just hides it.
> Which seems not the same in windows. Please look at the example below:
>
>
> 1. Go to command prompt (runas /user:postgres "cmd.exe")
>
>
> 2. Pass the some command using pipe operator to Psql (or any utility).
>
>
> c:\Program Files\PostgreSQL\9.2\bin>echo select version(); | psql -p 5433
> Password: postgres
>
>
> version
> -------------------------------------------------------------
> PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 32-bit
> (1 row)
>
>
> If you see above output, the password I typed as "postgres" is clearly
> visible. I didn't tried to reproduce on any other version of PG or Windows.
> Below are my version details:
>
>
> Operating System: Windows 7 64 bit
> PostgreSQL: PostgreSQL 9.2.2
>
>
> For any further information required, I would be glad to share if its sent
> to my email id: raghavendra(dot)rao(at)enterprisedb(dot)com(dot)
I checked on our code and this is what we use in simple_prompt() on
Windows to turn off echo:
/* get a new handle to turn echo off */
t_orig = (LPDWORD) malloc(sizeof(DWORD));
t = GetStdHandle(STD_INPUT_HANDLE);
/* save the old configuration first */
GetConsoleMode(t, t_orig);
/* set to the new mode */
SetConsoleMode(t, ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT);
I think the last line is turning off ENABLE_ECHO_INPUT:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686033%28v=vs.85%29.aspx
Obviously it isn't working for you. Does anyone else see the psql typed
password echoed on Windows?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2014-02-01 05:49:56 | Re: BUG #8399: inconsistent input of multidimensional arrays |
| Previous Message | Joe Conway | 2014-02-01 01:46:29 | Re: BUG #8399: inconsistent input of multidimensional arrays |