| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: initdb initial password |
| Date: | 2004-06-15 22:27:49 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE34BC8E@algol.sollentuna.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>> I would like to add capability to initdb to accept the
>password for the
>> superuser account at invocation. Right now, I can use
>--pwprompt or -W
>> to have it ask for a password. But for the win32 GUI
>installed I'd like
>> to ask for the password in the installer, and pass it to initdb.
>> Considering how it's done in different places, what's the
>preferred way
>> to do this? Commandline parameter? Environment variable? Other (what
>> would that be?)
>
>There's a reason why it's done that way, which is that the others are
>all insecure. At least on some Unixen.
Other binaries accept the password as an environment variable. Are you
saying that it's secure to pass it as environment variable to
psql/pgdump/etc but not to initdb? If so, care to enlighten me as to why
this is different (I'm clearly not seeing why..)?
Assuming it isn't, would a patch that added a commandline switch for
this on win32 only (#ifdef:ed) be accepted? On win32 you can't see the
commandline of another process (unless you are admin on the box and
activate debugging privileges, but you've lost against an admin anyway -
same as root on *nix), so it should be safe enough there.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2004-06-15 22:39:51 | Re: initdb initial password |
| Previous Message | Tom Lane | 2004-06-15 22:21:59 | Re: initdb initial password |