Re: [HACKERS] TODO list updated
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Peter Eisentraut <peter_e@gmx.net>, The Hermit Hacker <scrappy@hub.org>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T16:47:56Z
Lists: pgsql-hackers
Bruce Momjian <pgman@candle.pha.pa.us> writes: >> You can't securely do >> echo $PASSWORD | backend >> or >> echo $PASSWORD > allegedly-secure-temp-file > This is secure. echo is a shell builtin, and does not invoke a separate > process with arguments. echo is a builtin in ksh and derivatives, but I don't think it's safe to assume it is a builtin everywhere... regards, tom lane