Michael Paquier <michael.paqu...@gmail.com> writes:
> On Thu, Jun 30, 2016 at 6:47 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
>> It strikes me that keeping a password embedded in the conninfo from being
>> exposed might be quite a bit harder/riskier if it became a GUC.  Something
>> to keep in mind if we ever try to make that change ...

> Exposing it in memory for a long time is an issue even if we have a
> new GUC-flag to obfuscate the value in some cases..

Well, mumble ... I'm having a hard time understanding the threat model
we're guarding against there.  An attacker who can read process memory
can probably read the config file too.  I don't mind getting rid of the
in-memory copy if it's painless to do so, but I doubt that it's worth
any large amount of effort.

                        regards, tom lane


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to