Tom Lane wrote:
> While going through the contrib documentation, I notice that both
> oid2name and pgbench allow specifying a password on the command line,
> i.e.
> -P password
> This is known to be horribly bad security practice (because the password
> is exposed to everyone else on the machine), and we don't allow any of
> our standard applications to do it. Why is contrib getting a free pass?
> I think we should fix these two programs to work the same as our
> other apps, i.e., interactively prompt for password when needed.
Maybe we should also refuse to take passwords from conninfo strings
passed as dbname params, for the same reason. Probably the simplest way
would be to add a flag to the arguments to
libpq/fe-connect.c::connectOptions1() to indicate whether or not to get
the password out of the string.
cheers
andrew
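As an added example, not part of the thread and not PostgreSQL's own code: a small POSIX shell script that shows why a password in argv is visible to every local user (argv is readable through /proc/<pid>/cmdline, which is what ps(1) prints), and a check for the two leak patterns the thread names, a password given as the value of -P and a password= keyword inside a conninfo string passed as the dbname argument. Only the -P flag name comes from Tom's message; the function names, the hunter2 placeholder and the stand-in process are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the pgsql-hackers thread or from PostgreSQL).
# Checks an argument vector for the two ways a password can end up in argv:
#   1. "-P secret" as a separate argument, or "-Psecret" glued to the flag;
#   2. a "password=" keyword inside a conninfo string ("dbname=x password=y").
# Constructed names: argv_leaks_password, scan_proc_cmdlines, demo, hunter2.

# argv_leaks_password ARG...  -> exit 0 if the argv carries a password, else 1
argv_leaks_password() {
    prev=""
    for arg in "$@"; do
        if [ "$prev" = "-P" ]; then            # "-P secret": value is the next argument
            return 0
        fi
        case "$arg" in
            -P?*)                              # "-Psecret": value glued to the flag
                return 0 ;;
            password=*|*" password="*)         # conninfo keyword, at start or after a space
                return 0 ;;                    # (libpq also accepts "password = y"; not covered)
        esac
        prev="$arg"
    done
    return 1
}

# scan_proc_cmdlines -> print "PID PROGRAM" for every process whose argv leaks a
# password; exit 0 if any was found. Linux only (/proc), and deliberately run
# without privileges: this is exactly the view any other local user has.
scan_proc_cmdlines() {
    found=1
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        oldifs=$IFS
        IFS='
'
        set -f                                 # no globbing while we split argv
        # argv is NUL-separated; split on newline only so an argument that
        # contains spaces (a whole conninfo string) survives as one argument
        set -- $(tr '\000' '\n' < "$f" 2>/dev/null)
        set +f
        IFS=$oldifs
        [ $# -gt 0 ] || continue               # kernel threads have an empty cmdline
        if argv_leaks_password "$@"; then
            pid=${f#/proc/}; pid=${pid%/cmdline}
            echo "$pid $1"
            found=0
        fi
    done
    return $found
}

# demo: start a harmless stand-in whose argv looks like the offending
# invocation (sh -c sets $0, so argv shows "pgbench -P hunter2 ..."), show
# that the unprivileged scan finds it, then clean up.
demo() {
    sh -c 'sleep 5' pgbench -P hunter2 -h localhost bench &
    victim=$!
    sleep 1
    scan_proc_cmdlines || echo "no leaking argv found (is /proc mounted?)"
    kill "$victim" 2>/dev/null
}

if [ "${1-}" = "demo" ]; then
    demo
fi
```

Run the file with the argument demo to watch the stand-in process show up in the scan. On a real host, running scan_proc_cmdlines from an ordinary account is the quickest way to confirm that a -P password or a password= conninfo argument is readable by everyone; the fix the thread proposes is to prompt instead, and for non-interactive use libpq's ~/.pgpass file (which libpq refuses unless its mode is 0600) or the PGPASSFILE environment variable keeps the secret out of argv entirely.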