From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | kdebisschop(at)range(dot)infoplease(dot)com |
Cc: | pgman(at)candle(dot)pha(dot)pa(dot)us, peter_e(at)gmx(dot)net, scrappy(at)hub(dot)org, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [HACKERS] TODO list updated |
Date: | 2000-01-13 17:10:29 |
Message-ID: | 15470.947783429@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Karl DeBisschop <kdebisschop(at)range(dot)infoplease(dot)com> writes:
>> What I am starting to think is that we do need a C program. However,
>> it could be very small; it shouldn't try to do all of what initdb does.
> Why not something like:
> [ fire up a postmaster and send it an ALTER USER command ]
That's got a race condition: at the time you start the postmaster,
the postgres superuser hasn't got a password. A bad guy could get
in there and set the password the way *he* wanted it, or less
detectably: just connect as postgres, wait for you to set the password,
then read it out (he's still connected as postgres and still has
superuser rights...)
If we thought that was acceptable, the whole issue of setting the
password in initdb (rather than doing it manually later on) wouldn't
be on the table. The idea is to have a password in place *before*
opening the store.
If Bruce is correct that 'echo' is a shell builtin on all shells,
then
echo "ALTER USER ..." | standalone-backend
seems like a sufficient solution. I am a little concerned about
that "if", but it may be a close-enough answer.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | The Hermit Hacker | 2000-01-13 17:18:11 | Re: [HACKERS] TODO list updated |
Previous Message | Tom Lane | 2000-01-13 16:58:34 | Re: initdb (Re: [HACKERS] TODO list updated) |