Обсуждение: BUG #8438: Usage of Pipe operator in Windows(CMD.exe) shows the password typed with any PG utility.
BUG #8438: Usage of Pipe operator in Windows(CMD.exe) shows the password typed with any PG utility.
От
raghavendra.rao@enterprisedb.com
Дата:
The following bug has been logged on the website: Bug reference: 8438 Logged by: Raghav Email address: raghavendra.rao@enterprisedb.com PostgreSQL version: 9.2.2 Operating system: Windows Description: Hi, I have PostgreSQL 9.2 instance on Windows 7 running in MD5 authentication mode. Anytime I connect I need to pass the password for connection. When I try to connect from command prompt using PIPE ('|") operator; and the password I type is visible(shown) instead of hiding it. For example in linux, any password typed when prompted will not show it just hides it. Which seems not the same in windows. Please look at the example below: 1. Go to command prompt (runas /user:postgres "cmd.exe") 2. Pass the some command using pipe operator to Psql (or any utility). c:\Program Files\PostgreSQL\9.2\bin>echo select version(); | psql -p 5433 Password: postgres version ------------------------------------------------------------- PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 32-bit (1 row) If you see above output, the password I typed as "postgres" is clearly visible. I didn't tried to reproduce on any other version of PG or Windows. Below are my version details: Operating System: Windows 7 64 bit PostgreSQL: PostgreSQL 9.2.2 For any further information required, I would be glad to share if its sent to my email id: raghavendra.rao@enterprisedb.com. Thank you . --- Regards, Raghavendra EnterpriseDB Corporation
On Fri, Sep 6, 2013 at 05:35:57AM +0000, raghavendra.rao@enterprisedb.com wrote: > I have PostgreSQL 9.2 instance on Windows 7 running in MD5 authentication > mode. Anytime I connect I need to pass the password for connection. When I > try to connect from command prompt using PIPE ('|") operator; and the > password I type is visible(shown) instead of hiding it. For example in > linux, any password typed when prompted will not show it just hides it. > Which seems not the same in windows. Please look at the example below: > > > 1. Go to command prompt (runas /user:postgres "cmd.exe") > > > 2. Pass the some command using pipe operator to Psql (or any utility). > > > c:\Program Files\PostgreSQL\9.2\bin>echo select version(); | psql -p 5433 > Password: postgres > > > version > ------------------------------------------------------------- > PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 32-bit > (1 row) > > > If you see above output, the password I typed as "postgres" is clearly > visible. I didn't tried to reproduce on any other version of PG or Windows. > Below are my version details: > > > Operating System: Windows 7 64 bit > PostgreSQL: PostgreSQL 9.2.2 > > > For any further information required, I would be glad to share if its sent > to my email id: raghavendra.rao@enterprisedb.com. I checked on our code and this is what we use in simple_prompt() on Windows to turn off echo: /* get a new handle to turn echo off */ t_orig = (LPDWORD) malloc(sizeof(DWORD)); t = GetStdHandle(STD_INPUT_HANDLE); /* save the old configuration first */ GetConsoleMode(t, t_orig); /* set to the new mode */ SetConsoleMode(t, ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT); I think the last line is turning off ENABLE_ECHO_INPUT: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686033%28v=vs.85%29.aspx Obviously it isn't working for you. Does anyone else see the psql typed password echoed on Windows? -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. +