Tom Lane wrote:
The question at hand is whether we want to support an obvious security
hole. The argument that "some people will not care" applies with at
least as much force to psql or pg_dump, which at least have the grace
to not hang around and advertise their command-line parameters forever.
I think that using -P for pg_autovacuum is just plain stupid, even on a
nominally secure single-user box.
Assuming that command-line parameters are actually globally visible on
your platform, which isn't necessarily the case.
Anyway, I basically agree that the legitimate use-case for this feature
is pretty small, and it is probably worth removing. However, I don't
think it is urgent (there are plenty of other ways to shoot yourself in
the foot), and shouldn't be backpatched -- people may be using this
functionality.
-Neil
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
