Re: BUG #1567: can't hide password with pg_autovacuum
От | Olivier Thauvin |
---|---|
Тема | Re: BUG #1567: can't hide password with pg_autovacuum |
Дата | |
Msg-id | 200503290454.52577.olivier.thauvin@aerov.jussieu.fr обсуждение исходный текст |
Ответ на | Re: BUG #1567: can't hide password with pg_autovacuum (Bruce Momjian <pgman@candle.pha.pa.us>) |
Ответы |
Re: BUG #1567: can't hide password with pg_autovacuum
(Bruno Wolff III <bruno@wolff.to>)
|
Список | pgsql-bugs |
Le Tuesday 29 March 2005 00:40, vous avez =E9crit : > The typical way to do this is to use .pgpass in the user's home > directory. Does that help? Yes it help, but: - please notice the issue about ps into the README - the .pgpass doesn't work on my configuration: [postgres@virgo pgsql]$ pg_autovacuum [2005-03-29 04:47:32 CEST] ERROR: Failed connection to database template1= =20 with error: fe_sendauth: no password supplied =2E [2005-03-29 04:47:32 CEST] ERROR: Failed connection to database template1= =20 with error: fe_sendauth: no password supplied =2E [2005-03-29 04:47:32 CEST] ERROR: Cannot connect to template1, exiting. When permission are bad on .pgpass (other than 600), it complain, but faile= d=20 to connect on my server. Notice I have seting up access to 'password' to al= l=20 connection in my pg_hba.conf. psql... work fine and the password in .pgpass= =20 is ok. Maybe I will workaround by setting postgres user access as 'trust' for loca= l=20 connection only, but I have to reread the doc before :). > > -------------------------------------------------------------------------= -- > > Olivier Thauvin wrote: > > The following bug has been logged online: > > > > Bug reference: 1567 > > Logged by: Olivier Thauvin > > Email address: nanardon@nanardon.homelinux.org > > PostgreSQL version: 8.0.1 > > Operating system: Linux (Mandrake cooker) > > Description: can't hide password with pg_autovacuum > > Details: > > > > I found an security with pg_autovacuum :( > > After looking the README and --help, it seems there is no way to start = it > > with a configuration file. > > > > This is not a problem except when the database is password protected, so > > you have to use -P option to get it started (no prompt excpet I missed > > something). > > > > The potential issue come from ps, the password is show in clear: > > > > nanardon 28664 0.4 0.0 3644 1384 ? Ss 04:05 0:00 > > pg_autovacuum -D -s rpm2sql -PXXXXXX > > > > XXXXXX is my password in clear (hidden here of course). > > As you can see, there is enought information here for someone having an > > account on the host to connect to DB with admin privileges on the DB (n= ot > > as postgres user of course, but only the owner of the db can vacuum). > > > > Solution: > > - change the command line after start like some ftp client does > > - having the possiblility to read password from a file > > - taking password from envirronment variable (AUTOVACUUM_PASS=3Dpass > > pg_autovacuum...) > > > > If I have any time, I will try to provide a patch, but my knowledge in C > > are too poor to ensure quality :( > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 9: the planner will ignore your desire to choose an index scan if > > your joining column's datatypes do not match
В списке pgsql-bugs по дате отправления:
Предыдущее
От: "Christopher Brian Jurado"Дата:
Сообщение: BUG #1570: Double quotes in all field/table names must be optional!