Tom Lane wrote:
The question at hand is whether we want to support an obvious security
hole.  The argument that "some people will not care" applies with at
least as much force to psql or pg_dump, which at least have the grace
to not hang around and advertise their command-line parameters forever.
I think that using -P for pg_autovacuum is just plain stupid, even on a
nominally secure single-user box.


Assuming that command-line parameters are actually globally visible on your platform, which isn't necessarily the case.

Anyway, I basically agree that the legitimate use-case for this feature is pretty small, and it is probably worth removing. However, I don't think it is urgent (there are plenty of other ways to shoot yourself in the foot), and shouldn't be backpatched -- people may be using this functionality.

-Neil

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
     subscribe-nomail command to [EMAIL PROTECTED] so that your
     message can get through to the mailing list cleanly

Reply via email to