Home > mailing lists

Bad security practice in oid2name and pgbench - Mailing list pgsql-hackers

From	Tom Lane
Subject	Bad security practice in oid2name and pgbench
Date	December 9, 2007 02:42:19
Msg-id	1740.1197171721@sss.pgh.pa.us Whole thread Raw
Responses	Re: Bad security practice in oid2name and pgbench
List	pgsql-hackers

Tree view

While going through the contrib documentation, I notice that both
oid2name and pgbench allow specifying a password on the command line,
ie-P password

This is known to be horribly bad security practice (because the password
is exposed to everyone else on the machine), and we don't allow any of
our standard applications to do it.  Why is contrib getting a free pass?

I think we should fix these two programs to work the same as our
other apps, ie, interactively prompt for password when needed.
        regards, tom lane

pgsql-hackers by date:

From: Andrew Dunstan
Date: 09 December 2007, 01:04:14
Subject: Re: [BUGS] BUG #3799: csvlog skips some logs

From: Robert Treat
Date: 09 December 2007, 03:43:29
Subject: Re: Release Note Changes

Bad security practice in oid2name and pgbench - Mailing list pgsql-hackers

Previous

Next