Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] pg_autovacuum commandline password hiding.

From: Neil Conway <neilc(at)samurai(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Dave Page <dpage(at)vale-housing(dot)co(dot)uk>,Ian FREISLICH <if(at)hetzner(dot)co(dot)za>, pgsql-patches(at)postgresql(dot)org
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.
Date: 2005-05-25 02:49:42
Message-ID: 4293E7C6.6070603@samurai.com (view raw or flat)
Thread:
Lists: pgsql-patches
Tom Lane wrote:
> The question at hand is whether we want to support an obvious security
> hole.  The argument that "some people will not care" applies with at
> least as much force to psql or pg_dump, which at least have the grace
> to not hang around and advertise their command-line parameters forever.
> I think that using -P for pg_autovacuum is just plain stupid, even on a
> nominally secure single-user box.

Assuming that command-line parameters are actually globally visible on 
your platform, which isn't necessarily the case.

Anyway, I basically agree that the legitimate use-case for this feature 
is pretty small, and it is probably worth removing. However, I don't 
think it is urgent (there are plenty of other ways to shoot yourself in 
the foot), and shouldn't be backpatched -- people may be using this 
functionality.

-Neil

In response to

Responses

pgsql-patches by date

Next:From: Neil ConwayDate: 2005-05-25 02:50:09
Subject: Re: fix a bogus line in dynahash.c
Previous:From: Tom LaneDate: 2005-05-25 02:44:13
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group