| From: | Alvaro Herrera <alvherre(at)atentus(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: psql password prompt |
| Date: | 2002-08-23 19:20:48 |
| Message-ID: | 20020823152048.00f5804c.alvherre@atentus.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
En Fri, 23 Aug 2002 01:12:06 -0400
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> escribió:
> Alvaro Herrera <alvherre(at)atentus(dot)com> writes:
> > Is there a reason not to change it to something like
> > username(at)host:port Password:
>
> Not sure. I can't immediately spot any security risk in this, but that
> doesn't mean there isn't any. It bothers me that I cannot think of
> *any* other password-prompting program that gives you such feedback.
> Seems like if this were really a good idea, we'd not be the first to
> do it ...
It's not that easy anyway. Generally psql does not have a lot of
information about connection options: those are deduced from the
environment by libpq and psql does not have access to what libpq
guesses.
It can be resolved using the same logic as libpq in psql. It seems a
bad idea to just copy the code; another way would be separating libpq's
logic in an exportable function so psql can call it.
However, as this turns out to be more difficult than I had originally
thought, I think it's not THAT useful so I rather leave it alone, unless
somebody thinks it's useful.
--
Alvaro Herrera (<alvherre[a]atentus.com>)
"Para tener mas hay que desear menos"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2002-08-23 19:42:14 | Re: Permissions for CREATE OPERATOR CLASS |
| Previous Message | Tom Lane | 2002-08-23 19:17:25 | Permissions for CREATE OPERATOR CLASS |