Skip site navigation (1) Skip section navigation (2)

Re: [GENERAL] worried about PGPASSWORD drop

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Alvaro Herrera <alvherre(at)atentus(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: [GENERAL] worried about PGPASSWORD drop
Date: 2002-08-29 18:33:54
Message-ID: 200208291833.g7TIXsh13979@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-generalpgsql-patches
Your patch has been added to the PostgreSQL unapplied patches list at:

	http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------


Alvaro Herrera wrote:
> En Wed, 28 Aug 2002 17:33:34 -0400 (EDT)
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> escribi?:
> 
> > Alvaro Herrera wrote:
> > > Bruce Momjian dijo: 
> > > 
> > > > Tom Lane wrote:
> > > 
> > > > > If you want to put in security restrictions that are actually useful,
> > > > > where is the code to verify that PGPASSWORDFILE points at a
> > > > > non-world-readable file?  That needs to be there now, not later, or
> > > > > we'll have people moaning about backward compatibility when we finally
> > > > > do plug that hole.
> > > > 
> > > > Agreed.
> > > 
> > > Point taken, will look into it later.
> > 
> > Here is some code from postmaster.c that may help:
> 
> Thank you.  Patch attached.  Note that it also checks group access; I think
> that is desired as well.
> 
> -- 
> Alvaro Herrera (<alvherre[a]atentus.com>)
> "Cuando ma?ana llegue pelearemos segun lo que ma?ana exija" (Mowgli)

[ Attachment, skipping... ]

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-patches by date

Next:From: Bruce MomjianDate: 2002-08-29 19:53:56
Subject: Re: Minor (micro) documentation fix
Previous:From: Manfred KoizarDate: 2002-08-29 17:47:47
Subject: Re: Visibility regression test

pgsql-general by date

Next:From: Bruce MomjianDate: 2002-08-29 18:40:17
Subject: Re: [Pgreplication-general] Master/Slave is in town!
Previous:From: Don ArbowDate: 2002-08-29 18:29:44
Subject: Re: Securing sensitive information

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group