Thread: psql password prompt

Hi,

The current prompt in psql for password is merely

Password:

which is Ok when one is using psql interactively as one know exactly
which username and database server is specified.  However, when using it
for programs like vacuumdb, createuser, createdb, clusterdb etc is not
immediately obvious which (whose?) password it is asking.

Is there a reason not to change it to something like
username@host:port Password:
?

It's a trivial change and I can send a patch if people agree.

-- 
Alvaro Herrera (<alvherre[a]atentus.com>)
A male gynecologist is like an auto mechanic who never owned a car.
- Carrie Snow

Alvaro Herrera <alvherre@atentus.com> writes:
> Is there a reason not to change it to something like
> username@host:port Password:

Not sure.  I can't immediately spot any security risk in this, but that
doesn't mean there isn't any.  It bothers me that I cannot think of
*any* other password-prompting program that gives you such feedback.
Seems like if this were really a good idea, we'd not be the first to
do it ...
        regards, tom lane

On Fri, 23 Aug 2002, Tom Lane wrote:

> Alvaro Herrera <alvherre@atentus.com> writes:
> > Is there a reason not to change it to something like
> > username@host:port Password:
> 
> Not sure.  I can't immediately spot any security risk in this, but that
> doesn't mean there isn't any.  It bothers me that I cannot think of
> *any* other password-prompting program that gives you such feedback.

[swm@laptop swm]$ ssh zipperii.zip.com.au
swm@zipperii.zip.com.au's password:

:-)

Gavin

Gavin Sherry <swm@linuxworld.com.au> writes:
> On Fri, 23 Aug 2002, Tom Lane wrote:
>> It bothers me that I cannot think of
>> *any* other password-prompting program that gives you such feedback.

> [swm@laptop swm]$ ssh zipperii.zip.com.au
> swm@zipperii.zip.com.au's password:

Duh.  Okay, complaint withdrawn ...
        regards, tom lane

En Fri, 23 Aug 2002 01:12:06 -0400
Tom Lane <tgl@sss.pgh.pa.us> escribió:

> Alvaro Herrera <alvherre@atentus.com> writes:
> > Is there a reason not to change it to something like
> > username@host:port Password:
> 
> Not sure.  I can't immediately spot any security risk in this, but that
> doesn't mean there isn't any.  It bothers me that I cannot think of
> *any* other password-prompting program that gives you such feedback.
> Seems like if this were really a good idea, we'd not be the first to
> do it ...

It's not that easy anyway.  Generally psql does not have a lot of
information about connection options: those are deduced from the
environment by libpq and psql does not have access to what libpq
guesses.

It can be resolved using the same logic as libpq in psql.  It seems a
bad idea to just copy the code; another way would be separating libpq's
logic in an exportable function so psql can call it.

However, as this turns out to be more difficult than I had originally
thought, I think it's not THAT useful so I rather leave it alone, unless
somebody thinks it's useful.

-- 
Alvaro Herrera (<alvherre[a]atentus.com>)
"Para tener mas hay que desear menos"