Re: [HACKERS] TODO list updated
Marc G. Fournier <scrappy@hub.org>
From: The Hermit Hacker <scrappy@hub.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Bruce Momjian <pgman@candle.pha.pa.us>,
Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T17:18:11Z
Lists: pgsql-hackers
On Thu, 13 Jan 2000, Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> You can't securely do
> >> echo $PASSWORD | backend
> >> or
> >> echo $PASSWORD > allegedly-secure-temp-file
>
> > This is secure. echo is a shell builtin, and does not invoke a separate
> > process with arguments.
>
> echo is a builtin in ksh and derivatives, but I don't think it's safe
> to assume it is a builtin everywhere...
bash-2.03$ which echo
/usr/slocal/bin/echo
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org