Home > mailing lists

Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens
Date	November 28, 2001 18:02:53
Msg-id	200111282000.fASK07h01060@candle.pha.pa.us Whole thread Raw
In response to	Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens
List	pgsql-hackers

Tree view

> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > I will document the security problem with PGPASSWORD and add a TODO item
> > to remove it in 7.3.  Is that OK with everyone?
> 
> I don't think we should remove it.  Documenting that using it is a
> security risk on some platforms seems a good idea, however.

OK, new text is:
<envar>PGPASSWORD</envar>sets the password used if the backend demands passwordauthentication. This is not recommended
becausethe password canbe read by others using <command>ps -e</command>.

I am unsure if Linux has this problem but it seems most other Unix's do.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026

pgsql-hackers by date:

From: Vince Vielhaber
Date: 28 November 2001, 18:02:37
Subject: Re: Sequence docs

From: Tom Lane
Date: 28 November 2001, 18:02:54
Subject: Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens

Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens - Mailing list pgsql-hackers

Previous

Next