Karl DeBisschop <kdebisschop@range.infoplease.com> writes:
>> What I am starting to think is that we do need a C program. However,
>> it could be very small; it shouldn't try to do all of what initdb does.
> Why not something like:
> [ fire up a postmaster and send it an ALTER USER command ]
That's got a race condition: at the time you start the postmaster,
the postgres superuser hasn't got a password. A bad guy could get
in there and set the password the way *he* wanted it, or less
detectably: just connect as postgres, wait for you to set the password,
then read it out (he's still connected as postgres and still has
superuser rights...)
If we thought that was acceptable, the whole issue of setting the
password in initdb (rather than doing it manually later on) wouldn't
be on the table. The idea is to have a password in place *before*
opening the store.
If Bruce is correct that 'echo' is a shell builtin on all shells,
thenecho "ALTER USER ..." | standalone-backend
seems like a sufficient solution. I am a little concerned about
that "if", but it may be a close-enough answer.
regards, tom lane
