Re: Have an encrypted pgpass file

Isaac Morland <isaac.morland@gmail.com> writes:
>>> It would also provide a *very* fertile source of shell-script-injection
>>> vulnerabilities.  (Whaddya mean, you tried to use a user name with a
>>> quote mark in it?)

> If I understand the proposal correctly, the pgpass program would run on the
> client, invoked by libpq when a password is needed for a connection. So the
> risk relates to strange things happening on the client when the client
> attempts to connect as a strangely-named user or to a strangely-named
> database or host, not to being able to break into the server.

Yeah.  The most obvious scenario for trouble is that somebody enters
a crafted user name on a website, and that results in bad things happening
on an application-server machine that tried to pass that user name to
a database server.  The DB server itself isn't compromised, but the app
server could be.

If we were putting this sort of feature into psql, it wouldn't be such
a risk, but if it's in libpq then I fear it is.  libpq underlies a lot
of client-side code.

            regards, tom lane