Re: [HACKERS] TODO list updated

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Peter Eisentraut <peter_e@gmx.net>, The Hermit Hacker <scrappy@hub.org>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T16:47:56Z
Lists: pgsql-hackers
Bruce Momjian <pgman@candle.pha.pa.us> writes:
>> You can't securely do
>> echo $PASSWORD | backend
>> or
>> echo $PASSWORD > allegedly-secure-temp-file

> This is secure.  echo is a shell builtin, and does not invoke a separate
> process with arguments.

echo is a builtin in ksh and derivatives, but I don't think it's safe
to assume it is a builtin everywhere...

			regards, tom lane