The Hermit Hacker <scrappy@hub.org> writes:
> On Wed, 12 Jan 2000, Bruce Momjian wrote:
>> OK, now we have to decide if we are going to require this be done as
>> part of initdb. I am inclined to say the user _has_ to be _prompted_ in
>> a secure matter for the password as part of initdb. Have a command-line
>> switch for the password is not secure, IMHO, though it is better than
>> nothing.
> If we do a 'CREATE USER <user> WITH PASSWORD <pass>', its no more secure
> then using a command line switch for password ...
Yes it is --- if you have a shell script that is invoked byinitdb --password pgsqlPassword ...
then anyone else on the same machine who happens to be doing a "ps"
meanwhile will see your password.
Note that if initdb is a shell script, then it still has to be very
careful what it does with the password; put it in any command line
for a program invoked by the script, and the leak is back with you.
A C-program version of initdb would be a lot safer. But in theory you
can pass the password to the backend without exposing it in any command
line (put it in a data file instead, say).
regards, tom lane
