On Thu, 13 Jan 2000, Peter Eisentraut wrote:
> On Wed, 12 Jan 2000, Tom Lane wrote:
>
> > Note that if initdb is a shell script, then it still has to be very
> > careful what it does with the password; put it in any command line
> > for a program invoked by the script, and the leak is back with you.
> > A C-program version of initdb would be a lot safer. But in theory you
> > can pass the password to the backend without exposing it in any command
> > line (put it in a data file instead, say).
>
> What is does is some sort of sed s/genericpassword/realpassword/ so I
> guess this is not completely safe either. But something like this you'd
> have to do. Can I count you in on beating Bruce into submission for an
> initdb in C? ;)
Just a thought...since its a script, why not put the password into an
environment variable and read it from that?
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org