On Thu, Nov 14, 2019 at 8:54 AM Sehrope Sarkuni <sehrope@jackdb.com> wrote:
> Has the idea of using environment variables (rather than command line
> args) for external commands been brought up before? I couldn't find
> anything in the mailing list archives.
Passing data through environment variables isn't secure. Try 'ps -E'
on MacOS, or something like 'ps axe' on Linux.
If we want to pass data securely to child processes, the way to do it
is via stdin. Data sent back and forth via file descriptors can't
easily be snooped by other users on the system.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company