Home > mailing lists

Re: [HACKERS] TODO list updated - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [HACKERS] TODO list updated
Date	January 13, 2000 09:21:52
Msg-id	Pine.GSO.4.02A.10001131216270.6438-100000@Pingvin.DoCS.UU.SE Whole thread Raw
In response to	Re: [HACKERS] TODO list updated (The Hermit Hacker <scrappy@hub.org>)
Responses	Re: [HACKERS] TODO list updated Re: [HACKERS] TODO list updated
List	pgsql-hackers

Tree view

On Wed, 12 Jan 2000, The Hermit Hacker wrote:

> On Wed, 12 Jan 2000, Bruce Momjian wrote:
> 
> > > If we do a 'CREATE USER <user> WITH PASSWORD <pass>', its no more secure
> > > then using a command line switch for password ... 
> > 
> > Why is that?  ps shows command args, righ?
> 
> Point.  You won me over :)

But it doesn't show the complete command line, only SELECT or UPDATE, etc.
I'm not sure if it also shows create, I haven't been able to simulate
that.

What's the whole point of access control if you can happily scan your ps
output for all selects, inserts, updates, etc. going through and keep
record of it?

-- 
Peter Eisentraut                  Sernanders vaeg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

pgsql-hackers by date:

From: Peter Eisentraut
Date: 13 January 2000, 09:16:57
Subject: Re: [HACKERS] TODO list updated

From: Peter Eisentraut
Date: 13 January 2000, 09:24:59
Subject: Re: [HACKERS] libpq+MB/putenv(), getenv() clean up

Re: [HACKERS] TODO list updated - Mailing list pgsql-hackers

Previous

Next