Re: [HACKERS] TODO list updated
Peter Eisentraut <e99re41@docs.uu.se>
From: Peter Eisentraut <e99re41@DoCS.UU.SE>
To: The Hermit Hacker <scrappy@hub.org>
Cc: Bruce Momjian <pgman@candle.pha.pa.us>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2000-01-13T11:21:27Z
Lists: pgsql-hackers
On Wed, 12 Jan 2000, The Hermit Hacker wrote: > On Wed, 12 Jan 2000, Bruce Momjian wrote: > > > > If we do a 'CREATE USER <user> WITH PASSWORD <pass>', its no more secure > > > then using a command line switch for password ... > > > > Why is that? ps shows command args, righ? > > Point. You won me over :) But it doesn't show the complete command line, only SELECT or UPDATE, etc. I'm not sure if it also shows create, I haven't been able to simulate that. What's the whole point of access control if you can happily scan your ps output for all selects, inserts, updates, etc. going through and keep record of it? -- Peter Eisentraut Sernanders vaeg 10:115 peter_e@gmx.net 75262 Uppsala http://yi.org/peter-e/ Sweden