On Thu, Nov 14, 2019 at 11:42:05AM +0100, Magnus Hagander wrote: > On Wed, Nov 13, 2019 at 9:23 PM Tomas Vondra <tomas.von...@2ndquadrant.com> > I think it would be beneficial to explain why shared object is more > secure than an OS command. Perhaps it's common knowledge, but it's not > quite obvious to me. > > > Yeah, that probably wouldn't hurt. It's also securely passing from more than > one perspective -- both from the "cannot be eavesdropped" (like putting the > password on the commandline for example) and the requirement for escaping.
I think a bigger issue is that if you want to give people the option of using a shell command or a shared object, and if you use two commands to control it, it isn't clear what happens if both are defined. By using some character prefix to control if a shared object is used, you can use a single variable and there is no confusion over having two variables and their conflicting behavior. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
