Re: Proposed patch to disallow password=foo in databasename parameter
| От | Heikki Linnakangas |
|---|---|
| Тема | Re: Proposed patch to disallow password=foo in databasename parameter |
| Дата | |
| Msg-id | 475E831F.3040306@enterprisedb.com обсуждение исходный текст |
| Ответ на | Re: Proposed patch to disallow password=foo in database name parameter (Alvaro Herrera <alvherre@alvh.no-ip.org>) |
| Список | pgsql-patches |
Alvaro Herrera wrote: > Magnus Hagander wrote: >> On Mon, Dec 10, 2007 at 10:47:19PM -0500, Tom Lane wrote: > >> If we want to prevent it for psql, we should actually prevent it *in* psql, >> not in libpq. There are an infinite number of scenarios where it's >> perfectly safe to put the password there... If we want to do it share, we >> should add a function like PQSanitizeConnectionString() that will remove >> it, that can be called from those client apps that may be exposing it. >> >> There are also platforms that don't show the full commandline to other >> users - or even other processes - that aren't affected, of course. > > One idea is to have psql "hide" the password on the ps status. That way > it becomes less of a security issue. It would still be a problem on > certain operating systems, but at least several common platforms would > be covered. There would still be race condition. It would still be visible until psql hides it. In a way that would be even worse, because it wouldn't be obvious to an administrator that there's a problem because the password wouldn't be visible in ps output, but hackers know about stuff like that. -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com
В списке pgsql-patches по дате отправления: