| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] pgpassfile connection option |
| Date: | 2016-11-20 00:04:05 |
| Message-ID: | 20161120000405.GE13284@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
All,
* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> You could do something like that, I guess, but I think it might be a
> good idea to wait and see if anyone else has opinions on (1) the
> desirability of the basic feature, (2) the severity of the security
> hazard it creates, and (3) your proposed remediation method.
[...]
> Hey, everybody: chime in here...
The feature strikes me as pretty reasonable to have and the pghoard
example shows that it can be quite handy in some circumstances. I don't
see much merit behind the security concern raised- the file in question
would have to have the correct format and you would have to be
connecting to a system listed in that file for any disclosure to happen,
no? As such, I don't know that any remediation is necessary for this.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2016-11-20 01:56:00 | Re: [sqlsmith] Crash on GUC serialization |
| Previous Message | Stephen Frost | 2016-11-19 23:49:44 | Re: Improvements in psql hooks for variables |