Re: Proposed patch to disallow password=foo in database name parameter

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-patches(at)postgresql(dot)org, Andrew Dunstan <andrew(at)dunslane(dot)net>
Subject: Re: Proposed patch to disallow password=foo in database name parameter
Date: 2007-12-11 03:00:09
Message-ID: 475DFD39.9080100@commandprompt.com
Lists: pgsql-patches
Tom Lane wrote:
> As of PG 8.3, libpq allows a conninfo string to be passed in via the
> dbName parameter of PQsetdbLogin.  This is to allow access to conninfo
> facilities in old programs that are still using PQsetdbLogin (including
> most of our own standard clients ... ahem).  For instance
> 
> 	psql "service = foo"
> 
> Andrew Dunstan pointed out a possible security hole in this: it will
> allow people to do
> 
> 	psql "dbname = mydb password = mypassword"
> 
> which would leave their password exposed on the program's command line.
> 
> While we cannot absolutely prevent client apps from doing stupid things,
> it seems like it might be a good idea to prevent passwords from being
> passed in through dbName.  The attached patch (which depends on some
> pretty-recent changes in CVS HEAD) accomplishes this.
> 
> Anybody think this is good, bad, or silly?  Does the issue need

I didn't even know we could do that. I always use the shell variable 
option instead. Does anyone actually use the facility?

> explicit documentation, and if so where and how?

I think it should just throw a syntax error, this isn't covered as an 
ability in the man page. I doubt anyone is honestly using this that 
isn't smart enough to just figure out it isn't supported.

Joshua D. Drake
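
Added example, not part of this message and not the patch under discussion (which is not shown on this page): a stand-alone C check that a client wrapper could run on a dbName argument to refuse a conninfo string carrying a `password` keyword. The function names are hypothetical; it assumes dbName is treated as a conninfo string when it contains `=`, and the usual conninfo syntax (whitespace-separated `keyword = value`, single-quoted values, backslash escapes).

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical helper: 1 if conninfo string s has keyword key,
 * 0 if it does not, -1 if s is malformed. */
static int conninfo_has_keyword(const char *s, const char *key)
{
    size_t klen = strlen(key);
    int found = 0;

    for (;;) {
        const char *kw;
        size_t n;

        while (isspace((unsigned char) *s)) s++;
        if (*s == '\0') return found;

        kw = s;                 /* keyword runs up to '=' or whitespace */
        while (*s && *s != '=' && !isspace((unsigned char) *s)) s++;
        n = (size_t) (s - kw);
        while (isspace((unsigned char) *s)) s++;
        if (*s != '=' || n == 0) return -1;   /* no "=" after keyword */
        s++;
        while (isspace((unsigned char) *s)) s++;

        if (*s == '\'') {       /* quoted value; backslash escapes next char */
            s++;
            while (*s && *s != '\'') {
                if (*s == '\\' && s[1]) s++;
                s++;
            }
            if (*s != '\'') return -1;        /* unterminated quote */
            s++;
        } else {                /* bare value ends at whitespace */
            while (*s && !isspace((unsigned char) *s)) {
                if (*s == '\\' && s[1]) s++;
                s++;
            }
        }
        if (n == klen && strncmp(kw, key, klen) == 0)
            found = 1;
    }
}

/* Assumption: dbName is only parsed as conninfo when it contains '='. */
int dbname_exposes_password(const char *dbname)
{
    if (strchr(dbname, '=') == NULL) return 0;
    return conninfo_has_keyword(dbname, "password") == 1;
}
```

A `password=` that appears inside another keyword's quoted value is not flagged, because it is part of that value rather than a keyword of its own.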