Hello all,

Is it possible that we setup the password in the pg_dump command line
instead of let users input it through prompt command. E.g.,

pg_dump test -c -d --host=localhost -U testUser1 --file='a.dmp'
--no-privileges

Thanks a lot!
Ly


---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Ying Lu <ying_lu@cs.concordia.ca> writes:[color=blue]
> Is it possible that we setup the password in the pg_dump command line[/color]

You might as well put it on a billboard --- anything in the command line
can be seen by anyone who runs "ps".

If you don't want to supply it manually, put it in ~/.pgpass.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

David Garamond <lists@zara.6.isreserved.com> writes:[color=blue]
> Tom Lane wrote:[color=green][color=darkred]
>>> Is it possible that we setup the password in the pg_dump command line[/color]
>>
>> You might as well put it on a billboard --- anything in the command line
>> can be seen by anyone who runs "ps".
>>
>> If you don't want to supply it manually, put it in ~/.pgpass.[/color][/color]
[color=blue]
> At least in Linux, mysql replaces the password in the command line
> argument with "xxxxxxxx" so you can't see them via "ps" nor via peeking
> into /proc/<PID>/cmdline.[/color]
[color=blue]
> There is a short period where the password is visible though.[/color]
[color=blue]
> Are there any other risks? Or is the reason for not doing this is
> because not all OS'es supports replacing the command line information?[/color]

You just enumerated two fatal strikes against it; do you need more?
If so, consider the question of where the password on the command line
is going to come from. Allowing that would encourage people to put
passwords into possibly-insecurely-stored scripts. Or, depending on how
complicated the shell script is, there might be ancestor shell processes
that also have the password visible in their arguments ... and they
are certainly not going to know to xxx it out.

The ~/.pgpass technique is secure on every Unix, and we can *check* that
it's secure, by refusing to use .pgpass if it's got group or world
access allowed.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org

Tom Lane wrote:[color=blue][color=green]
>>Is it possible that we setup the password in the pg_dump command line[/color]
>
> You might as well put it on a billboard --- anything in the command line
> can be seen by anyone who runs "ps".
>
> If you don't want to supply it manually, put it in ~/.pgpass.[/color]

At least in Linux, mysql replaces the password in the command line
argument with "xxxxxxxx" so you can't see them via "ps" nor via peeking
into /proc/<PID>/cmdline.

There is a short period where the password is visible though.

Are there any other risks? Or is the reason for not doing this is
because not all OS'es supports replacing the command line information?

--
dave

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match

Tom Lane wrote:[color=blue][color=green]
>>At least in Linux, mysql replaces the password in the command line
>>argument with "xxxxxxxx" so you can't see them via "ps" nor via peeking
>>into /proc/<PID>/cmdline.[/color]
>[color=green]
>>There is a short period where the password is visible though.[/color]
>[color=green]
>>Are there any other risks? Or is the reason for not doing this is
>>because not all OS'es supports replacing the command line information?[/color]
>
> You just enumerated two fatal strikes against it; do you need more?
> If so, consider the question of where the password on the command line
> is going to come from. Allowing that would encourage people to put
> passwords into possibly-insecurely-stored scripts. Or, depending on how
> complicated the shell script is, there might be ancestor shell processes
> that also have the password visible in their arguments ... and they
> are certainly not going to know to xxx it out.[/color]

Yeah, I have some Perl/Ruby scripts that does "wget --proxy-user ...
--proxy-passwd ..." that reports the output through crontab and I have
to do the XXX-ing manually to prevent everyone that receives the cron
output to read the username/password. Should've stored the password in
~/.wgetrc too, I guess.
[color=blue]
> The ~/.pgpass technique is secure on every Unix, and we can *check* that
> it's secure, by refusing to use .pgpass if it's got group or world
> access allowed.[/color]

I love the Postgres community. It's all about doing things _properly_. :-)

--
dave

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings