
Re: Proposed patch to disallow password=foo in database name parameter

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-patches(at)postgreSQL(dot)org
Subject: Re: Proposed patch to disallow password=foo in database name parameter
Date: 2007-12-11 03:33:43
Message-ID: 475E0517.8020604@dunslane.net
Lists: pgsql-patches

Stephen Frost wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>   
>> Anybody think this is good, bad, or silly?  Does the issue need
>> explicit documentation, and if so where and how?
>>     
>
> I'm going to have to vote 'silly' on this one.  While I agree that in
> general we should discourage, and not provide explicit command-line
> options for, passing a password on the command-line, I don't feel that
> it makes sense to explicitly complicate things to prevent it.
>
>
>   

It's a matter of being consistent. If we think such a facility shouldn't 
be provided on security grounds, then we shouldn't allow it via a 
backdoor, ISTM.

cheers

andrew
