| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Zeugswetter Andreas SB SD <ZeugswetterA(at)spardat(dot)at>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, Antonio Fiol Bonnin <fiol(at)w3ping(dot)com>, Doug McNaught <doug(at)wireboard(dot)com>, Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opensup |
| Date: | 2001-11-30 17:55:38 |
| Message-ID: | 8643.1007142938@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> We can hide it but it will be visible for a short period, and many
> operating systems either don't allow us to modify the ps args or have
> ways of circumventing custom ps display, i.e. it doesn't show updated ps
> display if the process is swapped out because ps can't get to the
> user-space definitions of the custom args.
Yes, passwords in command-line arguments are *way* too dangerous.
I had always thought that environment vars were secure, though, and was
surprised to learn that there are Unix variants wherein they're not.
I still like the idea of arguments and/or env vars that give the name
of a file in which to look for the password, however. Perhaps the file
contents could be along the lines of
username host password
and libpq would look for a line matching the PGUSER and PGHOST values it
already has. (compare the usage of .netrc, .cvspass, etc). Maybe there
could even be a default assumption that we look in "$HOME/.pgpass",
without having to be told? Or is that too Unix-centric?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Lockhart | 2001-11-30 17:56:16 | Re: History question |
| Previous Message | Bruce Momjian | 2001-11-30 17:45:06 | Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opensup |