Tom Lane wrote:
As of PG 8.3, libpq allows a conninfo string to be passed in via the
dbName parameter of PQsetdbLogin.  This is to allow access to conninfo
facilities in old programs that are still using PQsetdbLogin (including
most of our own standard clients ... ahem).  For instance

        psql "service = foo"

Andrew Dunstan pointed out a possible security hole in this: it will
allow people to do

        psql "dbname = mydb password = mypassword"

which would leave their password exposed on the program's command line.

While we cannot absolutely prevent client apps from doing stupid things,
it seems like it might be a good idea to prevent passwords from being
passed in through dbName.  The attached patch (which depends on some
pretty-recent changes in CVS HEAD) accomplishes this.

Anybody think this is good, bad, or silly?  Does the issue need

I didn't even know we could do that. I always use the shell variable option instead. Does anyone actually use the facility?

explicit documentation, and if so where and how?

I think it should just throw a syntax error, this isn't covered as an ability in the man page. I doubt anyone is honestly using this that isn't smart enough to just figure out it isn't supported.

Joshua D. Drake

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to