Home > mailing lists

[PATCH] pg_autovacuum commandline password hiding. - Mailing list pgsql-patches

From	Ian FREISLICH
Subject	[PATCH] pg_autovacuum commandline password hiding.
Date	May 24, 2005 07:03:08
Msg-id	E1DaTRK-000H7r-2P@hetzner.co.za Whole thread Raw
Responses	Re: [PATCH] pg_autovacuum commandline password hiding. (Neil Conway <neilc@samurai.com>) Re: [PATCH] pg_autovacuum commandline password hiding. (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-patches

Tree view

Hi

I'm not sure if you've done this for a later version of pg_autovacuum.
I'm using what came with postgres-7.4.6.  For database security on
a shared server (~800 logins) it's best to set the superuser password
and not allow passwordless connections.  The only thing is that
pg_autovacuum keeps the password supplied on the commandline so
anyone that does a 'ps' can get the database superuser password.

--- pg_autovacuum.c.orig        Mon Apr 18 08:08:27 2005
+++ pg_autovacuum.c     Mon Apr 18 07:57:59 2005
@@ -879,7 +879,8 @@
                                args->user = optarg;
                                break;
                        case 'P':
-                               args->password = optarg;
+                               args->password = strdup(optarg);
+                               for (c = 0; optarg[c]; optarg[c++] = 'x');
                                break;
                        case 'H':
                                args->host = optarg;

I hope that this is a worthwhile patch.

Ian


--
Ian Freislich

pgsql-patches by date:

From: Bruce Momjian
Date: 24 May 2005, 04:18:33
Subject: Re: Exec statement logging

From: Neil Conway
Date: 24 May 2005, 07:19:16
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.

[PATCH] pg_autovacuum commandline password hiding. - Mailing list pgsql-patches

Previous

Next