Re: Proposed patch to disallow password=foo in database name parameter

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-patches(at)postgreSQL(dot)org, Andrew Dunstan <andrew(at)dunslane(dot)net>
Subject: Re: Proposed patch to disallow password=foo in database name parameter
Date: 2007-12-11 03:15:48
Message-ID: 20071211031548.GX5031@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Anybody think this is good, bad, or silly? Does the issue need
> explicit documentation, and if so where and how?

I'm going to have to vote 'silly' on this one. While I agree that in
general we should discourage, and not provide explicit command-line
options for, passing a password on the command-line, I don't feel that
it makes sense to explicitly complicate things to prevent it.

Just my 2c,

Thanks,

Stephen

In response to

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Joshua D. Drake 2007-12-11 03:25:53 Re: Proposed patch to disallow password=foo in database name parameter
Previous Message Tom Lane 2007-12-11 03:08:05 Re: Proposed patch to disallow password=foo in database name parameter