| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Sehrope Sarkuni <sehrope(at)jackdb(dot)com> |
| Cc: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: ssl passphrase callback |
| Date: | 2020-01-23 17:30:36 |
| Message-ID: | CA+TgmoZtj2RgdoYX5TUcHGxUUaBsSpWTKbA2q8MC1W8fMmd+=g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Nov 14, 2019 at 8:54 AM Sehrope Sarkuni <sehrope(at)jackdb(dot)com> wrote:
> Has the idea of using environment variables (rather than command line
> args) for external commands been brought up before? I couldn't find
> anything in the mailing list archives.
Passing data through environment variables isn't secure. Try 'ps -E'
on MacOS, or something like 'ps axe' on Linux.
If we want to pass data securely to child processes, the way to do it
is via stdin. Data sent back and forth via file descriptors can't
easily be snooped by other users on the system.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2020-01-23 17:49:58 | Re: making the backend's json parser work in frontend code |
| Previous Message | Alvaro Herrera | 2020-01-23 17:23:14 | Re: making the backend's json parser work in frontend code |