Re: [HACKERS] TODO list updated

Marc G. Fournier <scrappy@hub.org>

From: The Hermit Hacker <scrappy@hub.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Bruce Momjian <pgman@candle.pha.pa.us>, Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T17:18:11Z
Lists: pgsql-hackers
On Thu, 13 Jan 2000, Tom Lane wrote:

> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> You can't securely do
> >> echo $PASSWORD | backend
> >> or
> >> echo $PASSWORD > allegedly-secure-temp-file
> 
> > This is secure.  echo is a shell builtin, and does not invoke a separate
> > process with arguments.
> 
> echo is a builtin in ksh and derivatives, but I don't think it's safe
> to assume it is a builtin everywhere...

bash-2.03$ which echo
/usr/slocal/bin/echo

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org