Re: [Fwd: Bug#184566: security threat to postgresql

From Neil Conway
Subject Re: [Fwd: Bug#184566: security threat to postgresql
Date
Msg-id 1048281230.27986.25.camel@tokyo
In reply to [Fwd: Bug#184566: security threat to postgresql applications]  (Oliver Elphick <olly@lfix.co.uk>)
Responses Re: [Fwd: Bug#184566: security threat to postgresql  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Fri, 2003-03-21 at 16:06, Oliver Elphick wrote:
> Is this paranoia, or is it a valid security point.  Any comments,
> please?

A little from column A, a little from column B, IMHO.

> if an application is linked against libpq, then the user is able to
> specify environmental variables to override the defaults

Note that this overrides the *default* -- if the application specifies
the full set of data of the host it wants to connect to, the
environmental vars shouldn't be used, AFAIK.

> if the user runs the program with the environment variable PORT set to
> 23423, he can install his own program on that port listening for the
> password! he can then use that password to connect to the real database
> and delete everything.

How is that any different than the user altering the database hostname
the client connects to, and setting up a fake DB server on that host?
Many database applications allow that...

Cheers,

Neil
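
The fallback discussed in this message, as an added example that is not part of the original e-mail and is not libpq code: a small Python model of how a connection parameter is taken from the calling code first, then from the environment, then from a built-in default, used to list which parameters an application leaves to the invoking user's environment. The variable names PGHOST, PGPORT, PGDATABASE and PGUSER are libpq's (a subset of what it reads); the function names, host name and environment values are constructed for illustration.

```python
# Model of libpq's fallback order for a subset of connection parameters.
# This does not call libpq; the defaults are descriptive placeholders.

# keyword -> (environment variable, built-in default)
LIBPQ_FALLBACKS = {
    "host": ("PGHOST", "<local socket>"),
    "port": ("PGPORT", "5432"),
    "dbname": ("PGDATABASE", "<same as user>"),
    "user": ("PGUSER", "<OS user name>"),
}


def resolve(explicit, env):
    """Return {param: (value, source)}; source is 'explicit',
    'environment' or 'default'."""
    resolved = {}
    for param, (var, default) in LIBPQ_FALLBACKS.items():
        if param in explicit:      # set by the calling code: env is not consulted
            resolved[param] = (explicit[param], "explicit")
        elif var in env:           # otherwise the environment supplies the default
            resolved[param] = (env[var], "environment")
        else:
            resolved[param] = (default, "default")
    return resolved


def environment_controlled(explicit, env):
    """Parameters whose value is decided by whoever sets the environment."""
    result = resolve(explicit, env)
    return sorted(p for p, (_, source) in result.items() if source == "environment")


def scrubbed_env(env):
    """Copy of env without PG-prefixed variables (a blunt choice made for
    this example), for programs that run with more privilege than the caller."""
    return {k: v for k, v in env.items() if not k.startswith("PG")}


# Constructed sample input: the invoking user's environment and two
# hypothetical applications, one that pins only host and dbname, one that pins all.
USER_ENV = {"PGPORT": "23423", "HOME": "/home/alice"}
PARTIAL = {"host": "db.internal.example", "dbname": "app"}
PINNED = {"host": "db.internal.example", "port": "5432",
          "dbname": "app", "user": "app_rw"}

if __name__ == "__main__":
    for name, params in (("partial", PARTIAL), ("pinned", PINNED)):
        print(name, "environment-controlled:", environment_controlled(params, USER_ENV))
    print("partial, scrubbed env:", environment_controlled(PARTIAL, scrubbed_env(USER_ENV)))
```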


