Re: Problem with accessing Oracle from plperlu function when using remote pg client. - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Problem with accessing Oracle from plperlu function when using remote pg client.
Msg-id 200903170200.n2H20fM20711@momjian.us
In response to Re: Problem with accessing Oracle from plperlu function when using remote pg client.  ("Jonah H. Harris" <jonah.harris@gmail.com>)
List pgsql-hackers
Jonah H. Harris wrote:
> On Mon, Mar 16, 2009 at 8:50 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> 
> > Heikki Linnakangas <heikki.linnakangas@enterprisedb.com> writes:
> > > Hmm, I wonder if you could do something malicious with it.
> >
> > There are any number of scenarios where exposing the client command-line
> > contents to other database users represents a security hole, quite
> > independently of whether anything falls over depending on the line
> > contents.  (I wonder whether there are any Oracle clients that accept
> > a password on the command line, for instance.)
> 
> Sure they let you pass the password on the command line, but they don't
> recommend it.  Most of the utilities accept the syntax:
> 
> utility user/pass@instance
> 
> Just doing user@instance will generally prompt for a password.
> 
> Ahh, the number of passwords I've recovered from shell history files as a
> consultant... good times :)
> 
> > The only reason this complaint is directed to us, and not Oracle,
> > is that the complainant knows how far he's likely to get complaining
> > to Oracle :-(
> 
> I don't doubt that.  But, like I said, it's really a matter of the
> application name.  In our case, Postgres falls into that corner case and we
> either choose to do something about it or we don't.  I put the temporary
> solution out there for anyone that has the problem.  If we want to fix it
> long-term, we'd have to look at one of the previously discussed alternatives
> to using (port).  I don't particularly care one way or another, but if we
> were to change the ps line format, I just wanted to say that I preferred
> host:port rather than host(port).

I think I was the one who originally added the port in parentheses, and I
agree that a colon would have made more sense, but I never thought of
it.

postgres test 127.0.0.1(57966) idle

vs.
postgres test 127.0.0.1:57966 idle

In fact my old BSD ps looks like:

postgres test 127.0.0.1(58013) idle (postmaster)

The old argv[0] is in parentheses.

I think any serious tools are now using pg_stat_activity.  I say we make
the change in 8.4 and just document it.  I wouldn't make the change for
Oracle but rather for clarity.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
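A small parser for the two backend ps-title layouts contrasted in the message above, added here as an example (it is not code from the thread or from PostgreSQL). It assumes the fields are user, database, client address and state, accepts both the current "host(port)" form and the proposed "host:port" form, and strips the trailing argv[0] that BSD ps appends:

```python
import re
from typing import NamedTuple, Optional

# Client address in either layout discussed in the thread:
#   "127.0.0.1(57966)"  (current)    or    "127.0.0.1:57966"  (proposed)
_CLIENT_RE = re.compile(r'^(?P<host>[^\s()]+)(?:\((?P<p1>\d+)\)|:(?P<p2>\d+))$')


class BackendTitle(NamedTuple):
    user: str
    database: str
    host: str
    port: int
    state: str


def parse_ps_title(line: str) -> Optional[BackendTitle]:
    """Parse one backend ps title into its fields, or return None.

    Assumed layout (from the examples in the message):
        <user> <database> <client-address> <state...>
    """
    line = line.strip()
    # Some ps implementations show the "postgres: " title prefix; drop it.
    if line.startswith("postgres: "):
        line = line[len("postgres: "):]
    # BSD ps appends the original argv[0] in parentheses, e.g. "(postmaster)".
    line = re.sub(r'\s+\([^()\s]+\)$', '', line)
    parts = line.split(None, 3)
    if len(parts) < 4:
        return None
    user, database, client, state = parts
    match = _CLIENT_RE.match(client)
    if not match:
        return None
    port = int(match.group('p1') or match.group('p2'))
    return BackendTitle(user, database, match.group('host'), port, state)


if __name__ == "__main__":
    # Constructed sample lines mirroring the three shapes shown in the message.
    for sample in ("postgres test 127.0.0.1(57966) idle",
                   "postgres test 127.0.0.1:57966 idle",
                   "postgres test 127.0.0.1(58013) idle (postmaster)"):
        print(parse_ps_title(sample))
```

Tools that still scrape ps output can use a parser like this during a format transition; anything new should read pg_stat_activity instead, as the message recommends.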

