Re: Proposed patch to disallow password=foo in database name parameter

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-patches(at)postgreSQL(dot)org
Subject: Re: Proposed patch to disallow password=foo in database name parameter
Date: 2007-12-11 03:33:43
Message-ID: 475E0517.8020604@dunslane.net
Lists: pgsql-patches

Stephen Frost wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>
>> Anybody think this is good, bad, or silly? Does the issue need
>> explicit documentation, and if so where and how?
>>
>
> I'm going to have to vote 'silly' on this one. While I agree that in
> general we should discourage, and not provide explicit command-line
> options for, passing a password on the command-line, I don't feel that
> it makes sense to explicitly complicate things to prevent it.
>
>
>

It's a matter of being consistent. If we think such a facility shouldn't
be provided on security grounds, then we shouldn't allow it via a
backdoor, ISTM.

cheers

andrew
