Re: Have an encrypted pgpass file - Mailing list pgsql-hackers

From Joshua D. Drake
Subject Re: Have an encrypted pgpass file
Date
Msg-id 16858cb5-6535-f4d6-233e-b4d249101c29@commandprompt.com
In response to Re: Have an encrypted pgpass file  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Have an encrypted pgpass file  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On 07/18/2018 04:25 PM, Tom Lane wrote:
> Alvaro Herrera <alvherre@2ndquadrant.com> writes:
>> Seems to me that passing %-specifiers to the command would make it more
>> useful (%u for "user", "host" etc) -- your command could refuse to give
>> you a password for the superuser account for instance but grant one for
>> a read-only user.
> It would also provide a *very* fertile source of shell-script-injection
> vulnerabilities.  (Whaddya mean, you tried to use a user name with a
> quote mark in it?)
>
> This is exactly the kind of area in which I'm concerned for the
> possibility of sloppily-written scripts being a net negative for
> security.

Although I appreciate the concern, can we not worry about this? Your 
argument basically boils down to: Dumb will be Dumb. That will not 
change no matter what we do as is obvious by the number of people STILL 
using postgres as their connected web app user. The usability of this 
feature if fleshed out correctly is pretty large.

JD

>             regards, tom lane
>

-- 
Command Prompt, Inc. || http://the.postgres.company/ || @cmdpromptinc
***  A fault and talent of mine is to tell it exactly how it is.  ***
PostgreSQL centered full stack support, consulting and development.
Advocate: @amplifypostgres || Learn: https://postgresconf.org
*****     Unless otherwise stated, opinions are my own.   *****
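
The quoting problem raised in the quoted text above, as an added example that is not part of the original message or of PostgreSQL: a user name containing a quote mark is expanded into a command template with and without shell quoting. The `%h` and `%%` specifiers, the `get-password` helper and the sample values are assumptions made for this example; nothing is executed.

```python
import shlex

# Assumption: %u = user, %h = host, %% = literal percent. The thread names only
# %u and mentions host; the rest of this syntax is invented for the example.
SPECIFIERS = {"u": "user", "h": "host"}

def expand(template, params, quote):
    """Replace %-specifiers in template, passing each value through quote()."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        code = template[i + 1:i + 2]
        if code == "%":
            out.append("%")
        elif code in SPECIFIERS:
            out.append(quote(params[SPECIFIERS[code]]))
        else:
            raise ValueError(f"bad specifier %{code!s} at offset {i}")
        i += 2
    return "".join(out)

def naive_expand(template, params):
    return expand(template, params, quote=lambda value: value)

def safe_expand(template, params):
    return expand(template, params, quote=shlex.quote)

def argv_or_none(command):
    """Split as a POSIX shell would, without running anything."""
    try:
        return shlex.split(command)
    except ValueError:  # unbalanced quote: the shell would reject the line
        return None

# Constructed sample input; "get-password" is a hypothetical helper script.
TEMPLATE = "get-password --user %u --host %h"
QUOTED = {"user": "o'brien", "host": "db1.example.com"}
SPACED = {"user": "read only", "host": "db1.example.com"}

if __name__ == "__main__":
    for params in (QUOTED, SPACED):
        print("naive:", argv_or_none(naive_expand(TEMPLATE, params)))
        print("safe: ", argv_or_none(safe_expand(TEMPLATE, params)))
```

Passing the values as separate argv entries to an exec-style call, with no shell involved, removes the need for the quoting step altogether.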


