Re: Proposed patch to disallow password=foo in database name parameter

From Alvaro Herrera
Subject Re: Proposed patch to disallow password=foo in database name parameter
Date
Msg-id 20071211122246.GE4708@alvh.no-ip.org
In response to Re: Proposed patch to disallow password=foo in database name parameter  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Proposed patch to disallow password=foo in databasename parameter  (Heikki Linnakangas <heikki@enterprisedb.com>)
List pgsql-patches
Magnus Hagander wrote:
> On Mon, Dec 10, 2007 at 10:47:19PM -0500, Tom Lane wrote:

> If we want to prevent it for psql, we should actually prevent it *in* psql,
> not in libpq. There are an infinite number of scenarios where it's
> perfectly safe to put the password there... If we want to do it shared, we
> should add a function like PQSanitizeConnectionString() that will remove
> it, that can be called from those client apps that may be exposing it.
>
> There are also platforms that don't show the full commandline to other
> users - or even other processes - that aren't affected, of course.

One idea is to have psql "hide" the password on the ps status.  That way
it becomes less of a security issue.  It would still be a problem on
certain operating systems, but at least several common platforms would
be covered.

--
Alvaro Herrera                         http://www.flickr.com/photos/alvherre/
Officer Krupke, what are we to do?
Gee, officer Krupke, Krup you! (West Side Story, "Gee, Officer Krupke")
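
A sketch of what the PQSanitizeConnectionString() idea from the quoted message could look like, as an added example that is not part of the original thread and not libpq code. The name `sanitize_conninfo` and its signature are hypothetical, and it handles only the `keyword=value` conninfo form with single-quoted values and backslash escapes.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not a libpq function): copy conninfo into out with
 * every password=... pair dropped, so the result can be shown in ps or logs.
 * Returns the number of pairs removed, or -1 if the string is malformed or
 * the output buffer is too small. */
int sanitize_conninfo(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    int removed = 0;
    const char *p = in;

    if (outlen == 0) return -1;
    while (*p) {
        while (isspace((unsigned char)*p)) p++;
        if (!*p) break;
        const char *start = p;                 /* start of keyword */
        while (*p && *p != '=' && !isspace((unsigned char)*p)) p++;
        size_t klen = (size_t)(p - start);
        while (isspace((unsigned char)*p)) p++;
        if (*p != '=') return -1;              /* keyword without '=' */
        p++;
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\'') {                      /* quoted value, \' and \\ escapes */
            p++;
            while (*p && *p != '\'') {
                if (*p == '\\' && p[1]) p++;
                p++;
            }
            if (*p != '\'') return -1;         /* unterminated quote */
            p++;
        } else {                               /* unquoted value ends at whitespace */
            while (*p && !isspace((unsigned char)*p)) {
                if (*p == '\\' && p[1]) p++;
                p++;
            }
        }
        if (klen == 8 && strncmp(start, "password", 8) == 0) {
            removed++;                         /* skip the whole pair */
            continue;
        }
        size_t len = (size_t)(p - start);
        if (o + len + 2 > outlen) return -1;   /* separator + pair + NUL */
        if (o) out[o++] = ' ';
        memcpy(out + o, start, len);
        o += len;
    }
    out[o] = '\0';
    return removed;
}
```

A quoted password containing spaces or an escaped quote is skipped as one value, which a plain search for `password=` up to the next space would get wrong.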
