Tom Lane wrote:
> As of PG 8.3, libpq allows a conninfo string to be passed in via the
> dbName parameter of PQsetdbLogin. This is to allow access to conninfo
> facilities in old programs that are still using PQsetdbLogin (including
> most of our own standard clients ... ahem). For instance
> psql "service = foo"
> Andrew Dunstan pointed out a possible security hole in this: it will
> allow people to do
> psql "dbname = mydb password = mypassword"
> which would leave their password exposed on the program's command line.
> While we cannot absolutely prevent client apps from doing stupid things,
> it seems like it might be a good idea to prevent passwords from being
> passed in through dbName. The attached patch (which depends on some
> pretty-recent changes in CVS HEAD) accomplishes this.
> Anybody think this is good, bad, or silly? Does the issue need
I didn't even know we could do that. I always use the shell variable
option instead. Does anyone actually use the facility?
> explicit documentation, and if so where and how?
I think it should just throw a syntax error, this isn't covered as an
ability in the man page. I doubt anyone is honestly using this that
isn't smart enough to just figure out it isn't supported.
Joshua D. Drake
In response to
pgsql-patches by date
|Next:||From: Tom Lane||Date: 2007-12-11 03:08:05|
|Subject: Re: Proposed patch to disallow password=foo in database name parameter |
|Previous:||From: Tom Lane||Date: 2007-12-11 02:56:42|
|Subject: Proposed patch to disallow password=foo in database name parameter|