Skip site navigation (1) Skip section navigation (2)

Re: Proposed patch to disallow password=foo in databasename parameter

From: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgreSQL(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: Proposed patch to disallow password=foo in databasename parameter
Date: 2007-12-11 12:22:46
Message-ID: 20071211122246.GE4708@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-patches
Magnus Hagander wrote:
> On Mon, Dec 10, 2007 at 10:47:19PM -0500, Tom Lane wrote:

> If we want to prevent it for psql, we should actually prevent it *in* psql,
> not in libpq. There are an infinite number of scenarios where it's
> perfectly safe to put the password there... If we want to do it share, we
> should add a function like PQSanitizeConnectionString() that will remove
> it, that can be called from those client apps that may be exposing it.
> 
> There are also platforms that don't show the full commandline to other
> users - or even other processes - that aren't affected, of course.

One idea is to have psql "hide" the password on the ps status.  That way
it becomes less of a security issue.  It would still be a problem on
certain operating systems, but at least several common platforms would
be covered.

-- 
Alvaro Herrera                         http://www.flickr.com/photos/alvherre/
Officer Krupke, what are we to do?
Gee, officer Krupke, Krup you! (West Side Story, "Gee, Officer Krupke")

In response to

Responses

pgsql-patches by date

Next:From: Heikki LinnakangasDate: 2007-12-11 12:31:27
Subject: Re: Proposed patch to disallow password=foo in databasename parameter
Previous:From: Magnus HaganderDate: 2007-12-11 09:09:20
Subject: Re: Proposed patch to disallow password=foo in database name parameter

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group