Stephen Frost wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> Anybody think this is good, bad, or silly? Does the issue need
>> explicit documentation, and if so where and how?
> I'm going to have to vote 'silly' on this one. While I agree that in
> general we should discourage, and not provide explicit command-line
> options for, passing a password on the command-line, I don't feel that
> it makes sense to explicitly complicate things to prevent it.
It's a matter of being consistent. If we think such a facility shouldn't
be provided on security grounds, then we shouldn't allow it via a
In response to
pgsql-patches by date
|Next:||From: Tom Lane||Date: 2007-12-11 03:47:19|
|Subject: Re: Proposed patch to disallow password=foo in database name parameter |
|Previous:||From: Joshua D. Drake||Date: 2007-12-11 03:25:53|
|Subject: Re: Proposed patch to disallow password=foo in database