Michael Paquier <michael.paquier@gmail.com> writes:
> On Thu, Jun 30, 2016 at 6:47 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> It strikes me that keeping a password embedded in the conninfo from being
>> exposed might be quite a bit harder/riskier if it became a GUC. Something
>> to keep in mind if we ever try to make that change ...
> Exposing it in memory for a long time is an issue even if we have a
> new GUC-flag to obfuscate the value in some cases..
Well, mumble ... I'm having a hard time understanding the threat model
we're guarding against there. An attacker who can read process memory
can probably read the config file too. I don't mind getting rid of the
in-memory copy if it's painless to do so, but I doubt that it's worth
any large amount of effort.
regards, tom lane