Thread: Bad security practice in oid2name and pgbench
While going through the contrib documentation, I notice that both
oid2name and pgbench allow specifying a password on the command line, ie

    -P password

This is known to be horribly bad security practice (because the password
is exposed to everyone else on the machine), and we don't allow any of
our standard applications to do it. Why is contrib getting a free pass?

I think we should fix these two programs to work the same as our
other apps, ie, interactively prompt for password when needed.

regards, tom lane
Tom Lane wrote:
> While going through the contrib documentation, I notice that both
> oid2name and pgbench allow specifying a password on the command line,
> ie
>     -P password
>
> This is known to be horribly bad security practice (because the password
> is exposed to everyone else on the machine), and we don't allow any of
> our standard applications to do it. Why is contrib getting a free pass?
>
> I think we should fix these two programs to work the same as our
> other apps, ie, interactively prompt for password when needed.
>

Maybe we should also refuse to take passwords from conninfo strings
passed as dbname params, for the same reason. Probably the simplest way
would be to add a flag to the arguments to
libpq/fe-connect.c::connectOptions1() to indicate whether or not to get
the password out of the string.

cheers

andrew
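As an added illustration of the two suggestions in this thread (Tom's: prompt interactively instead of taking the password from the command line; Andrew's: refuse a password embedded in a conninfo string), here is a small Python model that is not PostgreSQL's own code. It assumes a simplified version of libpq's conninfo quoting rules, and the helper names `parse_conninfo` and `connect_options` are hypothetical.

```python
import getpass
from typing import Callable, Dict, Tuple


def parse_conninfo(conninfo: str) -> Dict[str, str]:
    """Parse a libpq-style 'key=value key2=value2' string (simplified).

    Values may be single-quoted; a backslash escapes the next character
    inside or outside quotes, mirroring libpq's conninfo rules."""
    opts: Dict[str, str] = {}
    i, n = 0, len(conninfo)
    while i < n:
        if conninfo[i].isspace():
            i += 1
            continue
        eq = conninfo.find("=", i)
        if eq < 0:
            raise ValueError("missing '=' in %r" % conninfo[i:])
        key = conninfo[i:eq].strip()
        i = eq + 1
        while i < n and conninfo[i].isspace():
            i += 1
        quoted = i < n and conninfo[i] == "'"
        if quoted:
            i += 1
        value = []
        while i < n:
            c = conninfo[i]
            if (quoted and c == "'") or (not quoted and c.isspace()):
                break
            if c == "\\" and i + 1 < n:  # backslash-escaped character
                i += 1
                c = conninfo[i]
            value.append(c)
            i += 1
        if quoted:
            if i >= n:
                raise ValueError("unterminated quoted value for %r" % key)
            i += 1  # skip the closing quote
        opts[key] = "".join(value)
    return opts


def connect_options(conninfo: str,
                    prompt: Callable[[str], str] = getpass.getpass
                    ) -> Tuple[Dict[str, str], str, bool]:
    """Drop any password found in the string (it may be visible to other
    users via the process list) and obtain it by prompting instead.
    Returns (options without password, password, whether one was dropped).
    A real client would prompt only once the server asks for a password."""
    opts = parse_conninfo(conninfo)
    dropped = opts.pop("password", None) is not None
    return opts, prompt("Password: "), dropped
```

The `prompt` parameter exists so the prompting path can be exercised without a terminal, as in the tests below.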