| From: | Neil Conway <neilc(at)samurai(dot)com> |
|---|---|
| To: | Ian FREISLICH <if(at)hetzner(dot)co(dot)za> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: [PATCH] pg_autovacuum commandline password hiding. |
| Date: | 2005-05-24 07:19:00 |
| Message-ID: | 4292D564.20009@samurai.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Ian FREISLICH wrote:
> I'm not sure if you've done this for a later version of pg_autovacuum.
> I'm using what came with postgres-7.4.6. For database security on
> a shared server (~800 logins) it's best to set the superuser password
> and not allow passwordless connections. The only thing is that
> pg_autovacuum keeps the password supplied on the commandline so
> anyone that does a 'ps' can get the database superuser password.
Is this portable? Considering the hoops that
backend/utils/misc/ps_status.c jumps through to do something similar for
the postmaster, I would guess not.
BTW, I would suggest using ~/.pgpass, as that should be secure on all
platforms.
-Neil
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2005-05-24 08:06:19 | Re: plperl tests for currently untested features |
| Previous Message | Ian FREISLICH | 2005-05-24 07:02:58 | [PATCH] pg_autovacuum commandline password hiding. |