Re: [HACKERS] TODO list updated

On Thu, 13 Jan 2000, Peter Eisentraut wrote:

> On Wed, 12 Jan 2000, Tom Lane wrote:
> 
> > Note that if initdb is a shell script, then it still has to be very
> > careful what it does with the password; put it in any command line
> > for a program invoked by the script, and the leak is back with you.
> > A C-program version of initdb would be a lot safer.  But in theory you
> > can pass the password to the backend without exposing it in any command
> > line (put it in a data file instead, say).
> 
> What is does is some sort of sed s/genericpassword/realpassword/ so I
> guess this is not completely safe either. But something like this you'd
> have to do. Can I count you in on beating Bruce into submission for an
> initdb in C? ;)

Just a thought...since its a script, why not put the password into an
environment variable and read it from that?  

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org