Re: [GENERAL] worried about PGPASSWORD drop

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Alvaro Herrera <alvherre(at)atentus(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: [GENERAL] worried about PGPASSWORD drop
Date: 2002-08-29 18:33:54
Message-ID: 200208291833.g7TIXsh13979@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-patches


Your patch has been added to the PostgreSQL unapplied patches list at:

http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------

Alvaro Herrera wrote:
> En Wed, 28 Aug 2002 17:33:34 -0400 (EDT)
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> escribi?:
>
> > Alvaro Herrera wrote:
> > > Bruce Momjian dijo:
> > >
> > > > Tom Lane wrote:
> > >
> > > > > If you want to put in security restrictions that are actually useful,
> > > > > where is the code to verify that PGPASSWORDFILE points at a
> > > > > non-world-readable file? That needs to be there now, not later, or
> > > > > we'll have people moaning about backward compatibility when we finally
> > > > > do plug that hole.
> > > >
> > > > Agreed.
> > >
> > > Point taken, will look into it later.
> >
> > Here is some code from postmaster.c that may help:
>
> Thank you. Patch attached. Note that it also checks group access; I think
> that is desired as well.
>
> --
> Alvaro Herrera (<alvherre[a]atentus.com>)
> "Cuando ma?ana llegue pelearemos segun lo que ma?ana exija" (Mowgli)

[ Attachment, skipping... ]

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Bruce Momjian 2002-08-29 18:40:17 Re: [Pgreplication-general] Master/Slave is in town!
Previous Message Don Arbow 2002-08-29 18:29:44 Re: Securing sensitive information

Browse pgsql-patches by date

  From Date Subject
Next Message Bruce Momjian 2002-08-29 19:53:56 Re: Minor (micro) documentation fix
Previous Message Manfred Koizar 2002-08-29 17:47:47 Re: Visibility regression test