Re: Proposed patch to disallow password=foo in database name parameter
From | Alvaro Herrera |
---|---|
Subject | Re: Proposed patch to disallow password=foo in database name parameter |
Date | |
Msg-id | 20071211122246.GE4708@alvh.no-ip.org |
In reply to | Re: Proposed patch to disallow password=foo in database name parameter (Magnus Hagander <magnus@hagander.net>) |
Replies | Re: Proposed patch to disallow password=foo in databasename parameter |
List | pgsql-patches |
Magnus Hagander wrote:
> On Mon, Dec 10, 2007 at 10:47:19PM -0500, Tom Lane wrote:
> If we want to prevent it for psql, we should actually prevent it *in* psql,
> not in libpq. There are an infinite number of scenarios where it's
> perfectly safe to put the password there... If we want to do it shared, we
> should add a function like PQSanitizeConnectionString() that will remove
> it, that can be called from those client apps that may be exposing it.
>
> There are also platforms that don't show the full commandline to other
> users - or even other processes - that aren't affected, of course.

One idea is to have psql "hide" the password on the ps status. That way it
becomes less of a security issue. It would still be a problem on certain
operating systems, but at least several common platforms would be covered.

-- 
Alvaro Herrera http://www.flickr.com/photos/alvherre/
Officer Krupke, what are we to do?
Gee, officer Krupke, Krup you!
(West Side Story, "Gee, Officer Krupke")
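The PQSanitizeConnectionString() idea from the quoted text, sketched as an added example (my code, not libpq's or psql's): a function that masks the value of any "password" keyword in a libpq-style keyword=value conninfo string before it is logged or shown, handling whitespace around '=', single-quoted values and backslash escapes. The names sanitize_conninfo and sanitized, and the "****" mask, are my choices.

```c
#include <ctype.h>
#include <string.h>
/* Append c to out if there is room; out always stays NUL-terminated. */
static void put(char *out, size_t outlen, size_t *o, char c)
{
    if (*o + 1 < outlen) out[(*o)++] = c;
    out[*o] = '\0';
}
/* Copy the libpq-style "keyword = value" conninfo string in to out, replacing
 * the value of every "password" keyword with "****".  Values may be bare or
 * single-quoted (\\ and \' escape).  Returns values masked, or -1 if malformed. */
int sanitize_conninfo(const char *in, char *out, size_t outlen)
{
    const char *p = in; size_t o = 0; int masked = 0;
    out[0] = '\0';
    while (*p) {
        while (isspace((unsigned char)*p)) put(out, outlen, &o, *p++);
        if (!*p) break;                             /* trailing whitespace only */
        const char *kw = p;                         /* keyword start */
        while (*p && *p != '=' && !isspace((unsigned char)*p)) p++;
        int is_pw = (p - kw == 8 && strncmp(kw, "password", 8) == 0);
        for (const char *q = kw; q < p; q++) put(out, outlen, &o, *q);
        while (isspace((unsigned char)*p)) put(out, outlen, &o, *p++);
        if (*p != '=') return -1;                   /* keyword without '=' */
        put(out, outlen, &o, *p++);
        while (isspace((unsigned char)*p)) put(out, outlen, &o, *p++);
        if (*p == '\'') {                           /* quoted value */
            p++; if (!is_pw) put(out, outlen, &o, '\'');
            while (*p && *p != '\'') {
                if (*p == '\\' && p[1]) { if (!is_pw) put(out, outlen, &o, *p); p++; }
                if (!is_pw) put(out, outlen, &o, *p);
                p++;
            }
            if (*p != '\'') return -1;              /* unterminated quote */
            p++; if (!is_pw) put(out, outlen, &o, '\'');
        } else {                                    /* bare value */
            for (; *p && !isspace((unsigned char)*p); p++)
                if (!is_pw) put(out, outlen, &o, *p);
        }
        if (is_pw) { masked++; for (const char *m = "****"; *m; m++) put(out, outlen, &o, *m); }
    }
    return masked;
}
/* One-shot wrapper returning a printable copy, NULL if malformed (hypothetical helper). */
const char *sanitized(const char *in)
{
    static char buf[256];
    return sanitize_conninfo(in, buf, sizeof buf) < 0 ? NULL : buf;
}
```

Only the keyword=value conninfo form is handled, and the password keyword is matched case-sensitively as libpq does; the output still reveals that a password was supplied, just not its value.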