Re: [HACKERS] TODO list updated - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [HACKERS] TODO list updated
Date
Msg-id 200001131315.IAA25149@candle.pha.pa.us
In response to Re: [HACKERS] TODO list updated  (Peter Eisentraut <e99re41@DoCS.UU.SE>)
Responses Re: [HACKERS] TODO list updated
List pgsql-hackers
> On Wed, 12 Jan 2000, Tom Lane wrote:
> 
> > Note that if initdb is a shell script, then it still has to be very
> > careful what it does with the password; put it in any command line
> > for a program invoked by the script, and the leak is back with you.
> > A C-program version of initdb would be a lot safer.  But in theory you
> > can pass the password to the backend without exposing it in any command
> > line (put it in a data file instead, say).
> 
> What it does is some sort of sed s/genericpassword/realpassword/ so I
> guess this is not completely safe either. But something like this you'd
> have to do. Can I count you in on beating Bruce into submission for an
> initdb in C? ;)

I will be responsible to make sure the password doesn't get into a
command as an argument.  sed has a -f command that will take its regex
input from a file.  That is the solution, though the umask has to be set
to make sure the temp file is not readable by anyone else.

Most OS vendors use shell scripts for this type of thing because it
doesn't have to be fast, and it is changed often.

-- 
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
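The approach discussed in this message (a restrictive umask, a temporary sed script, and `sed -f`) can be sketched as follows. This is an added example, not part of the original message and not code from initdb. The function name `substitute_secret` is hypothetical, the placeholder is assumed to contain only letters and digits, and `printf` is assumed to be a shell builtin (as in bash and dash), so the secret never appears in any argument list.

```shell
#!/bin/sh
# Added example (not initdb code): substitute a secret into a template
# without the secret ever appearing on a command line.

# substitute_secret PLACEHOLDER TEMPLATE_FILE
# Reads one line (the secret) from stdin, writes the filled template to stdout.
# Assumption: PLACEHOLDER is plain alphanumerics (no regex metacharacters).
substitute_secret() {
    (
        placeholder=$1
        template=$2

        # Anything created from here on is readable by the owner only.
        umask 077
        script=$(mktemp "${TMPDIR:-/tmp}/sedscript.XXXXXX") || exit 1

        # Remove the script file however the subshell ends.
        trap 'rm -f "$script"' EXIT
        trap 'exit 1' HUP INT TERM

        # Take the secret from stdin, never from argv.
        IFS= read -r secret || [ -n "$secret" ] || exit 1

        # Escape what is special in a sed replacement: &, \ and the
        # delimiter |.  The secret travels over the pipe; sed's own
        # arguments are fixed text.
        escaped=$(printf '%s\n' "$secret" | sed 's/[&|\]/\\&/g')

        # printf is a builtin here, so no new process sees the secret.
        printf 's|%s|%s|g\n' "$placeholder" "$escaped" > "$script"

        # sed's argv holds only the script path and the template path.
        sed -f "$script" "$template"
    )
}
```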