This is a discussion on [PATCH] pg_autovacuum commandline password hiding within the Pgsql Patches forums, part of the PostgreSQL category.
Hi

I'm not sure if you've done this for a later version of pg_autovacuum. I'm using what came with postgres-7.4.6. For database security on a shared server (~800 logins) it's best to set the superuser password and not allow passwordless connections. The only thing is that pg_autovacuum keeps the password supplied on the commandline so anyone that does a 'ps' can get the database superuser password.

--- pg_autovacuum.c.orig Mon Apr 18 08:08:27 2005 +++ pg_autovacuum.c Mon Apr 18 07:57:59 2005 @@ -879,7 +879,8 @@ args->user = optarg; break; case 'P': - args->password = optarg; + args->password = strdup(optarg); + for (c = 0; optarg[c]; optarg[c++] = 'x'); break; case 'H': args->host = optarg;

I hope that this is a worthwhile patch.

Ian
--
Ian Freislich

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
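Review bot: in the 'P' case the result of `strdup(optarg)` is stored in `args->password` without a NULL check, so an allocation failure would leave a NULL password for later use; check the return value and exit with an error before continuing. The loop index `c` is not declared in the visible lines, so confirm it is not a variable the surrounding option loop still depends on, or use a dedicated local index. Overwriting `optarg` with 'x' also preserves the argument's length, the password stays readable between process start and this line, and whether 'ps' reflects an in-place overwrite at all varies by platform, all of which deserves a comment beside the loop.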
Ian FREISLICH wrote:
> I'm not sure if you've done this for a later version of pg_autovacuum.
> I'm using what came with postgres-7.4.6. For database security on
> a shared server (~800 logins) it's best to set the superuser password
> and not allow passwordless connections. The only thing is that
> pg_autovacuum keeps the password supplied on the commandline so
> anyone that does a 'ps' can get the database superuser password.

Is this portable? Considering the hoops that backend/utils/misc/ps_status.c jumps through to do something similar for the postmaster, I would guess not.

BTW, I would suggest using ~/.pgpass, as that should be secure on all platforms.

-Neil
Ian FREISLICH <if@hetzner.co.za> writes:
> ... The only thing is that
> pg_autovacuum keeps the password supplied on the commandline so
> anyone that does a 'ps' can get the database superuser password.

Which is exactly why we don't (and won't) provide such a switch. Use ~/.pgpass instead.

regards, tom lane
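Added example, not part of the thread or of PostgreSQL's own code: one way to follow the ~/.pgpass advice given in the replies above, appending an entry in libpq's `hostname:port:database:username:password` format with the password read from standard input so it never appears in a process listing. The function names and the file-path argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (constructed for illustration; function names are hypothetical).

# Escape backslash and colon, the two characters a pgpass field must escape.
pgpass_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g'
}

# pgpass_add FILE HOST PORT DATABASE USER
# The password is read from standard input, never from an argument.
pgpass_add() {
    pgpass_file=$1
    IFS= read -r pgpass_pw || [ -n "$pgpass_pw" ] || return 1
    pgpass_umask=$(umask)
    umask 077                    # a newly created file gets no group/other bits
    printf '%s:%s:%s:%s:%s\n' \
        "$(pgpass_escape "$2")" "$3" "$(pgpass_escape "$4")" \
        "$(pgpass_escape "$5")" "$(pgpass_escape "$pgpass_pw")" >> "$pgpass_file"
    umask "$pgpass_umask"
    chmod 600 "$pgpass_file"     # also tightens a file that already existed
    unset pgpass_pw
}

# pgpass_mode_ok FILE: succeed only when group and other have no access,
# the condition under which libpq will read the file.
pgpass_mode_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ldL -- "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}
```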