| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Oskari Saarenmaa <os(at)ohmu(dot)fi> |
| Cc: | Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] pgpassfile connection option |
| Date: | 2016-10-18 15:55:16 |
| Message-ID: | CA+TgmoZ_wDEZN7xF8aZHKSCUX_dzEaBXT5ywZy2XgBGenUc5Lg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Oct 11, 2016 at 5:06 PM, Oskari Saarenmaa <os(at)ohmu(dot)fi> wrote:
> $ PASSWORD=xyz psql 'password=$PASSWORD dbname=foo'
>
> This does have the hazard of making it very easy to accidentally use double
> quotes instead of single quotes and have the shell expand the variable
> making it visible in process listing though.
It has the hazard that environment variables are visible in the
process listing anyway on many platforms. On Linux, try "ps auxeww";
on MacOS X, try "ps -efEww". At a quick glance, it seems that on both
of those platforms you have to either be root or be the same user that
owns the process, but I'm not sure that every platform will have it
locked down that tightly and even that might be more exposure than you
really want.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan Jacobson | 2016-10-18 16:26:35 | Multiple psql history files |
| Previous Message | Tom Lane | 2016-10-18 15:49:02 | Re: Add PGDLLEXPORT to PG_FUNCTION_INFO_V1 |