Skip site navigation (1) Skip section navigation (2)

Re: BUG #1567: can't hide password with pg_autovacuum

From: "Matthew T(dot) O'Connor" <matthew(at)zeut(dot)net>
To: Olivier Thauvin <nanardon(at)nanardon(dot)homelinux(dot)org>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #1567: can't hide password with pg_autovacuum
Date: 2005-03-27 06:24:07
Message-ID: 42465187.9070902@zeut.net (view raw or flat)
Thread:
Lists: pgsql-bugs
I believe that pg_autovacuum will work with a .pgpass file just like any 
libpq based application.

Olivier Thauvin wrote:

>The following bug has been logged online:
>
>Bug reference:      1567
>Logged by:          Olivier Thauvin
>Email address:      nanardon(at)nanardon(dot)homelinux(dot)org
>PostgreSQL version: 8.0.1
>Operating system:   Linux (Mandrake cooker)
>Description:        can't hide password with pg_autovacuum
>Details: 
>
>I found an security with pg_autovacuum :(
>After looking the README and --help, it seems there is no way to start it
>with a configuration file.
>
>This is not a problem except when the database is password protected, so you
>have to use -P option to get it started (no prompt excpet I missed
>something).
>
>The potential issue come from ps, the password is show in clear:
>
>nanardon 28664  0.4  0.0  3644 1384 ?        Ss   04:05   0:00 pg_autovacuum
>-D -s rpm2sql -PXXXXXX
>
>XXXXXX is my password in clear (hidden here of course).
>As you can see, there is enought information here for someone having an
>account on the host to connect to DB with admin privileges on the DB (not as
>postgres user of course, but only the owner of the db can vacuum).
>
>Solution:
>- change the command line after start like some ftp client does
>- having the possiblility to read password from a file
>- taking password from envirronment variable (AUTOVACUUM_PASS=pass
>pg_autovacuum...)
>
>If I have any time, I will try to provide a patch, but my knowledge in C are
>too poor to ensure quality :(
>
>---------------------------(end of broadcast)---------------------------
>TIP 9: the planner will ignore your desire to choose an index scan if your
>      joining column's datatypes do not match
>
>  
>


In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2005-03-27 06:46:23
Subject: Re: BUG #1555: bug in GROUP BY?
Previous:From: Michael FuhrDate: 2005-03-27 06:22:49
Subject: Re: BUG #1555: bug in GROUP BY?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group