Re: [HACKERS] TODO list updated
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: The Hermit Hacker <scrappy@hub.org>
Cc: Bruce Momjian <pgman@candle.pha.pa.us>,
Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T01:26:54Z
Lists: pgsql-hackers
The Hermit Hacker <scrappy@hub.org> writes: > On Wed, 12 Jan 2000, Bruce Momjian wrote: >> OK, now we have to decide if we are going to require this be done as >> part of initdb. I am inclined to say the user _has_ to be _prompted_ in >> a secure matter for the password as part of initdb. Have a command-line >> switch for the password is not secure, IMHO, though it is better than >> nothing. > If we do a 'CREATE USER <user> WITH PASSWORD <pass>', its no more secure > then using a command line switch for password ... Yes it is --- if you have a shell script that is invoked by initdb --password pgsqlPassword ... then anyone else on the same machine who happens to be doing a "ps" meanwhile will see your password. Note that if initdb is a shell script, then it still has to be very careful what it does with the password; put it in any command line for a program invoked by the script, and the leak is back with you. A C-program version of initdb would be a lot safer. But in theory you can pass the password to the backend without exposing it in any command line (put it in a data file instead, say). regards, tom lane