| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Benjamin Yu <benjaminlyu(at)yahoo(dot)com>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: postgresql-7.1.3 pg_ctl password authentication and startup |
| Date: | 2001-10-12 06:25:14 |
| Message-ID: | 24569.1002867914@sss.pgh.pa.us |
| Lists: | pgsql-patches |

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Can I get comments on this?

Ugh.

> It allows storage of a super-user password
> in a file under /data that gets passed in psql. I don't like the fact
> the password is stored unencrypted

Entirely unacceptable IMHO. We just spent a large amount of work to
eliminate the need to keep any unencrypted passwords inside $PGDATA
... and this patch proposes to sling one right back in there, in an
easy-to-find place no less. Mess up the protection on $PGDATA, and
you've given away the store.

pg_ctl is certainly in need of work for systems that use password
security, but this is not a good fix.

regards, tom lane