Re: Proposed patch to disallow password=foo in database name parameter - Mailing list pgsql-patches

From Andrew Dunstan
Subject Re: Proposed patch to disallow password=foo in database name parameter
Date
Msg-id 475E976D.1020005@dunslane.net
In response to Re: Proposed patch to disallow password=foo in database name parameter  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Proposed patch to disallow password=foo in database name parameter
List pgsql-patches

Tom Lane wrote:
> It's also worth noting that we haven't removed the PGPASSWORD
> environment variable, even though that's demonstrably insecure on some
> platforms.

True. But at least its use is deprecated. The reason I put in PGPASSFILE
was to tempt (so far unsuccessfully) the maintainers of a certain well
known application to stop using PGPASSWORD.

> I'm actually inclined to vote with Stephen that this is a silly change.
> I just put up the patch to show the best way of doing it if we're gonna
> do it ...

OK. I'm not going to die in a ditch over it.

cheers

andrew
