Home > mailing lists

Re: Proposed patch to disallow password=foo in database name parameter - Mailing list pgsql-patches

From	Andrew Dunstan
Subject	Re: Proposed patch to disallow password=foo in database name parameter
Date	December 11, 2007 02:33:52
Msg-id	475E0517.8020604@dunslane.net Whole thread Raw
In response to	Re: Proposed patch to disallow password=foo in database name parameter (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Proposed patch to disallow password=foo in database name parameter
List	pgsql-patches

Tree view


Stephen Frost wrote:
> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>
>> Anybody think this is good, bad, or silly?  Does the issue need
>> explicit documentation, and if so where and how?
>>
>
> I'm going to have to vote 'silly' on this one.  While I agree that in
> general we should discourage, and not provide explicit command-line
> options for, passing a password on the command-line, I don't feel that
> it makes sense to explicitly complicate things to prevent it.
>
>
>

It's a matter of being consistent. If we think such a facility shouldn't
be provided on security grounds, then we shouldn't allow it via a
backdoor, ISTM.

cheers

andrew

pgsql-patches by date:

From: "Joshua D. Drake"
Date: 11 December 2007, 02:25:55
Subject: Re: Proposed patch to disallow password=foo in database name parameter

From: Tom Lane
Date: 11 December 2007, 02:47:26
Subject: Re: Proposed patch to disallow password=foo in database name parameter

Re: Proposed patch to disallow password=foo in database name parameter - Mailing list pgsql-patches

Previous

Next