Thread: Re: [HACKERS] TODO list updated

Re: [HACKERS] TODO list updated

From

Peter Eisentraut

Date:

13 January 2000, 11:30:55

On Thu, 13 Jan 2000, Bruce Momjian wrote:

> > What is does is some sort of sed s/genericpassword/realpassword/ so I
> > guess this is not completely safe either. But something like this you'd
> > have to do. Can I count you in on beating Bruce into submission for an
> > initdb in C? ;)
> 
> I will be responsible to make sure the password doesn't get into a
> command as an argument.  sed has a -f command that will take it's regex
> input from a file.  That is the solution, though the umask has to be set
> to make sure the temp file is not readable by anyone else.

That's one more file to find and to erase! Sounds very ugly to me. Better
leave off this option altogether and user alter user. Can end users
comment on this at all?

> Most OS vendors use shell scripts for this type of thing because it
> doesn't have to be fast, and it is changed often.

So we can do it better! Also besides actual code changes (as recently),
initdb itself hardly ever changes. When I get some time I'll develop a
prototype to convince you. :)

-- 
Peter Eisentraut                  Sernanders vaeg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

Re: [HACKERS] TODO list updated

From

The Hermit Hacker

Date:

13 January 2000, 11:38:58

On Thu, 13 Jan 2000, Peter Eisentraut wrote:

> On Thu, 13 Jan 2000, Bruce Momjian wrote:
> 
> > > What is does is some sort of sed s/genericpassword/realpassword/ so I
> > > guess this is not completely safe either. But something like this you'd
> > > have to do. Can I count you in on beating Bruce into submission for an
> > > initdb in C? ;)
> > 
> > I will be responsible to make sure the password doesn't get into a
> > command as an argument.  sed has a -f command that will take it's regex
> > input from a file.  That is the solution, though the umask has to be set
> > to make sure the temp file is not readable by anyone else.
> 
> That's one more file to find and to erase! Sounds very ugly to me. Better
> leave off this option altogether and user alter user. Can end users
> comment on this at all?
> 
> > Most OS vendors use shell scripts for this type of thing because it
> > doesn't have to be fast, and it is changed often.
> 
> So we can do it better! Also besides actual code changes (as recently),
> initdb itself hardly ever changes. When I get some time I'll develop a
> prototype to convince you. :)

I could be wrong here, but I don't think anyone *really* cares whether its
in script or C...just nobody wants to do the coding... :)

I personally think there have been enough solutions to the problem
provided that a C version isn't required, but if someone wants to go
through the trouble of doing it (when suitable solutions are present to
not require it), who am I to argue?

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

Re: [HACKERS] TODO list updated

From

Bruce Momjian

Date:

13 January 2000, 11:39:58

> On Thu, 13 Jan 2000, Bruce Momjian wrote:
> 
> > > What is does is some sort of sed s/genericpassword/realpassword/ so I
> > > guess this is not completely safe either. But something like this you'd
> > > have to do. Can I count you in on beating Bruce into submission for an
> > > initdb in C? ;)
> > 
> > I will be responsible to make sure the password doesn't get into a
> > command as an argument.  sed has a -f command that will take it's regex
> > input from a file.  That is the solution, though the umask has to be set
> > to make sure the temp file is not readable by anyone else.
> 
> That's one more file to find and to erase! Sounds very ugly to me. Better
> leave off this option altogether and user alter user. Can end users
> comment on this at all?

Huh.  Use trap and have it automatically removed on exit:
trap "rm -f /tmp/pgpass.$$" 0 1 2 3 15

> 
> > Most OS vendors use shell scripts for this type of thing because it
> > doesn't have to be fast, and it is changed often.
> 
> So we can do it better! Also besides actual code changes (as recently),
> initdb itself hardly ever changes. When I get some time I'll develop a
> prototype to convince you. :)

OK.

--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026

Re: [HACKERS] TODO list updated

From

Karl DeBisschop

Date:

13 January 2000, 12:14:54

> That's one more file to find and to erase! Sounds very ugly to me. Better
> leave off this option altogether and user alter user. Can end users
> comment on this at all?

As an end user, an initdb in C sounds like the best option.  

I don't really like the temp file idea - i have too many temp files
already. Nor will the average user be immediately understand that the
environment variable should be set without leaving a trace in their
history.

I suppose any of the options could be added to initdb for the novice
or lazy user.  If there is no other solution, I'd prefer a note on
initdb to `psql template1` and `ALTER USER...`

-- 
Karl DeBisschop <kdebisschop@alert.infoplease.com>
617.832.0332 (Fax: 617.956.2696)

Information Please - your source for FREE online reference
http://www.infoplease.com  - Your Ultimate Fact Finder
http://kids.infoplease.com - The Great Homework Helper

Netsaint Plugins Development
http://netsaintplug.sourceforge.net