Skip site navigation (1) Skip section navigation (2)

Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens
Date: 2001-11-28 20:00:07
Message-ID: 200111282000.fASK07h01060@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > I will document the security problem with PGPASSWORD and add a TODO item
> > to remove it in 7.3.  Is that OK with everyone?
> 
> I don't think we should remove it.  Documenting that using it is a
> security risk on some platforms seems a good idea, however.

OK, new text is:

	<envar>PGPASSWORD</envar>
	sets the password used if the backend demands password
	authentication. This is not recommended because the password can
	be read by others using <command>ps -e</command>.

I am unsure if Linux has this problem but it seems most other Unix's do.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2001-11-28 20:13:55
Subject: Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens
Previous:From: Tom LaneDate: 2001-11-28 19:55:34
Subject: Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group