Re: [HACKERS] TODO list updated
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: kdebisschop@range.infoplease.com
Cc: pgman@candle.pha.pa.us, peter_e@gmx.net, scrappy@hub.org, pgsql-hackers@postgresql.org
Date: 2000-01-13T17:10:29Z
Lists: pgsql-hackers
Karl DeBisschop <kdebisschop@range.infoplease.com> writes: >> What I am starting to think is that we do need a C program. However, >> it could be very small; it shouldn't try to do all of what initdb does. > Why not something like: > [ fire up a postmaster and send it an ALTER USER command ] That's got a race condition: at the time you start the postmaster, the postgres superuser hasn't got a password. A bad guy could get in there and set the password the way *he* wanted it, or less detectably: just connect as postgres, wait for you to set the password, then read it out (he's still connected as postgres and still has superuser rights...) If we thought that was acceptable, the whole issue of setting the password in initdb (rather than doing it manually later on) wouldn't be on the table. The idea is to have a password in place *before* opening the store. If Bruce is correct that 'echo' is a shell builtin on all shells, then echo "ALTER USER ..." | standalone-backend seems like a sufficient solution. I am a little concerned about that "if", but it may be a close-enough answer. regards, tom lane