Re: Proposed patch to disallow password=foo in database name parameter

Поиск
Список
Период
Сортировка
От Andrew Dunstan
Тема Re: Proposed patch to disallow password=foo in database name parameter
Дата
Msg-id 475E976D.1020005@dunslane.net
обсуждение исходный текст
Ответ на Re: Proposed patch to disallow password=foo in database name parameter  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: Proposed patch to disallow password=foo in database name parameter  (Decibel! <decibel@decibel.org>)
Список pgsql-patches
Дерево обсуждения 

Tom Lane wrote:
> It's also worth noting that we haven't removed the PGPASSWORD
> environment variable, even though that's demonstrably insecure on some
> platforms.
>

True. But at least its use is deprecated. The reason I put in PGPASSFILE
was to tempt (so far unsuccessfully) the maintainers of a certain well
known application to stop using PGPASSWORD.

> I'm actually inclined to vote with Stephen that this is a silly change.
> I just put up the patch to show the best way of doing it if we're gonna
> do it ...
>
>
>

OK. I'm not going to die in a ditch over it.

cheers

andrew

В списке pgsql-patches по дате отправления:

Предыдущее
От: Heikki Linnakangas
Дата:
Сообщение: Re: Proposed patch to disallow password=foo in databasename parameter
Следующее
От: Zdenek Kotala
Дата:
Сообщение: DOC: Wal update