From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, brown(at)fastmail(dot)com, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #13741: vacuumdb does not accept valid password |
Date: | 2015-11-12 21:26:27 |
Message-ID: | 20151112212627.GR614468@alvherre.pgsql |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
Tom Lane wrote:
> NAK. This changes the behavior of connectDatabase() for *all* users
> of that function, not only vacuumdb. But the proposed behavioral
> change is only appropriate for calling programs in which only a single
> host/port/database target is used per execution. In other contexts,
> reusing the prior password is not just inappropriate but could actually
> create security issues. (It's possible that this behavior would be okay
> for all existing callers, but that doesn't mean we should put in a
> security gotcha for future uses.)
>
> We could make this approach work if connectDatabase() remembered all
> the parameters internally, and only tried to reuse the password when
> they all match. Or maybe it'd be better to alter the API so the caller
> can say whether to try to reuse a saved password or not. But I'm not sure
> whether either of those answers is cleaner than the previous patch.
Thanks for the input. I decided to push what we had because it's less
invasive in terms of API definition. If we want to change in the
direction suggested by Masao-san, we can still do it, but perhaps only
in master -- maybe we would like to have both pg_dump and
src/bin/scripts compile a single source code file instead of having two
copies of essentially the same routine, for instance.
> (BTW, I notice that pg_dumpall.c has a version of connectDatabase in
> which the "static" trick is already being used, sans any documentation.
> That's okay for pg_dumpall, but might be an issue if anyone copies-and-
> pastes that version somewhere else ... and in any case it's fair to ask
> why that version hasn't been merged with common.c.)
We'd have to have a file common to both subdirs that only contains that
routine, I think. We now have pg_dump/common.c as well ... Not
something I want to propose for 9.5.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2015-11-12 21:51:22 | Re: BUG #13741: vacuumdb does not accept valid password |
Previous Message | Alvaro Herrera | 2015-11-12 21:23:05 | Re: BUG #13741: vacuumdb does not accept valid password |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2015-11-12 21:51:22 | Re: BUG #13741: vacuumdb does not accept valid password |
Previous Message | Alvaro Herrera | 2015-11-12 21:23:05 | Re: BUG #13741: vacuumdb does not accept valid password |