On Mon, 17 Mar 2025 at 16:48, Jacob Champion
<jacob.champion@enterprisedb.com> wrote:
>
> On Sun, Mar 16, 2025 at 6:49 AM Daniel Gustafsson <daniel@yesql.se> wrote:
> > IIRC the reasoning has been that if a rogue user can inject an environment
> > variable into your session and read your files it's probably game over anyways.
>
> (Personally I'm no longer as convinced by this line of argument as I
> once was...)
I'm not saying there's no attack possible here (although I cannot
think of one), but we allow configuring every other SSL option using
an env var^1. So if there is an attack possible, why would that only
apply to being able to control the sslkeylogfile as opposed to e.g.
sslmode or sslrootcert.
^1 except for "sslpassword", which is weird because that seems exactly
like one of the options you might not want to store in a connection
string for security reasons.
