Skip site navigation (1) Skip section navigation (2)

Re: Proposed patch to disallow password=foo in databasename parameter

From: Heikki Linnakangas <heikki(at)enterprisedb(dot)com>
To: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-patches(at)postgreSQL(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: Proposed patch to disallow password=foo in databasename parameter
Date: 2007-12-11 12:31:27
Message-ID: 475E831F.3040306@enterprisedb.com (view raw or flat)
Thread:
Lists: pgsql-patches
Alvaro Herrera wrote:
> Magnus Hagander wrote:
>> On Mon, Dec 10, 2007 at 10:47:19PM -0500, Tom Lane wrote:
> 
>> If we want to prevent it for psql, we should actually prevent it *in* psql,
>> not in libpq. There are an infinite number of scenarios where it's
>> perfectly safe to put the password there... If we want to do it share, we
>> should add a function like PQSanitizeConnectionString() that will remove
>> it, that can be called from those client apps that may be exposing it.
>>
>> There are also platforms that don't show the full commandline to other
>> users - or even other processes - that aren't affected, of course.
> 
> One idea is to have psql "hide" the password on the ps status.  That way
> it becomes less of a security issue.  It would still be a problem on
> certain operating systems, but at least several common platforms would
> be covered.

There would still be race condition. It would still be visible until 
psql hides it. In a way that would be even worse, because it wouldn't be 
obvious to an administrator that there's a problem because the password 
wouldn't be visible in ps output, but hackers know about stuff like that.

-- 
   Heikki Linnakangas
   EnterpriseDB   http://www.enterprisedb.com

In response to

pgsql-patches by date

Next:From: Andrew DunstanDate: 2007-12-11 13:58:05
Subject: Re: Proposed patch to disallow password=foo in database name parameter
Previous:From: Alvaro HerreraDate: 2007-12-11 12:22:46
Subject: Re: Proposed patch to disallow password=foo in databasename parameter

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group