From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Olivier Thauvin <nanardon(at)nanardon(dot)homelinux(dot)org> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #1567: can't hide password with pg_autovacuum |
Date: | 2005-03-28 22:40:08 |
Message-ID: | 200503282240.j2SMe8k24836@candle.pha.pa.us |
Lists: | pgsql-bugs |
The typical way to do this is to use .pgpass in the user's home
directory. Does that help?
---------------------------------------------------------------------------
Olivier Thauvin wrote:
>
> The following bug has been logged online:
>
> Bug reference: 1567
> Logged by: Olivier Thauvin
> Email address: nanardon(at)nanardon(dot)homelinux(dot)org
> PostgreSQL version: 8.0.1
> Operating system: Linux (Mandrake cooker)
> Description: can't hide password with pg_autovacuum
> Details:
>
> I found a security issue with pg_autovacuum :(
> After looking at the README and --help, it seems there is no way to start it
> with a configuration file.
>
> This is not a problem except when the database is password protected, so you
> have to use the -P option to get it started (no prompt, unless I missed
> something).
>
> The potential issue comes from ps: the password is shown in clear:
>
> nanardon 28664 0.4 0.0 3644 1384 ? Ss 04:05 0:00 pg_autovacuum
> -D -s rpm2sql -PXXXXXX
>
> XXXXXX is my password in clear (hidden here of course).
> As you can see, there is enough information here for someone having an
> account on the host to connect to DB with admin privileges on the DB (not as
> postgres user of course, but only the owner of the db can vacuum).
>
> Solution:
> - change the command line after start, as some FTP clients do
> - having the possibility to read the password from a file
> - taking the password from an environment variable (AUTOVACUUM_PASS=pass
> pg_autovacuum...)
>
> If I have any time, I will try to provide a patch, but my knowledge of C is
> too poor to ensure quality :(
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
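
The .pgpass approach suggested in the reply, as an added example that is not part of the original message or of PostgreSQL's code. It assumes the documented `hostname:port:database:username:password` line format with `*` wildcards and backslash escapes, plus libpq's refusal of a file with group or world access; the function names and the sample password are constructed, while the database and user names come from the ps line quoted above.

```python
import os
import stat
import tempfile

def split_fields(line):
    """Split on unescaped ':'; a backslash makes the next character literal."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields

def lookup_password(path, host, port, dbname, user):
    """Return the password from the first matching entry, else None."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return None  # group/world access: refuse the file, as libpq does
    wanted = (host, str(port), dbname, user)
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            fields = split_fields(line)
            if len(fields) == 5 and all(
                f in ("*", w) for f, w in zip(fields, wanted)
            ):
                return fields[4]
    return None

def write_pgpass(path, entries):
    """Create the file owner-only from the first byte written."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a pre-existing file
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(entries) + "\n")

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), ".pgpass")  # constructed location
    write_pgpass(path, [r"localhost:5432:rpm2sql:nanardon:constructed\:pw"])
    print(lookup_password(path, "localhost", 5432, "rpm2sql", "nanardon"))
```

With the password stored this way, the daemon can be started without `-P`, so nothing secret appears in the process list.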