473,665 Members | 2,820 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

about "pg_dump " without pompt password

Hello all,

Is it possible that we setup the password in the pg_dump command line
instead of let users input it through prompt command. E.g.,

pg_dump test -c -d --host=localhost -U testUser1 --file='a.dmp'
--no-privileges

Thanks a lot!
Ly
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Nov 23 '05 #1
4 11407
Ying Lu <yi*****@cs.con cordia.ca> writes:
Is it possible that we setup the password in the pg_dump command line


You might as well put it on a billboard --- anything in the command line
can be seen by anyone who runs "ps".

If you don't want to supply it manually, put it in ~/.pgpass.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Nov 23 '05 #2
David Garamond <li***@zara.6.i sreserved.com> writes:
Tom Lane wrote:
Is it possible that we setup the password in the pg_dump command line
You might as well put it on a billboard --- anything in the command line
can be seen by anyone who runs "ps".

If you don't want to supply it manually, put it in ~/.pgpass.

At least in Linux, mysql replaces the password in the command line
argument with "xxxxxxxx" so you can't see them via "ps" nor via peeking
into /proc/<PID>/cmdline. There is a short period where the password is visible though. Are there any other risks? Or is the reason for not doing this is
because not all OS'es supports replacing the command line information?


You just enumerated two fatal strikes against it; do you need more?
If so, consider the question of where the password on the command line
is going to come from. Allowing that would encourage people to put
passwords into possibly-insecurely-stored scripts. Or, depending on how
complicated the shell script is, there might be ancestor shell processes
that also have the password visible in their arguments ... and they
are certainly not going to know to xxx it out.

The ~/.pgpass technique is secure on every Unix, and we can *check* that
it's secure, by refusing to use .pgpass if it's got group or world
access allowed.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postg resql.org

Nov 23 '05 #3
Tom Lane wrote:
Is it possible that we setup the password in the pg_dump command line


You might as well put it on a billboard --- anything in the command line
can be seen by anyone who runs "ps".

If you don't want to supply it manually, put it in ~/.pgpass.


At least in Linux, mysql replaces the password in the command line
argument with "xxxxxxxx" so you can't see them via "ps" nor via peeking
into /proc/<PID>/cmdline.

There is a short period where the password is visible though.

Are there any other risks? Or is the reason for not doing this is
because not all OS'es supports replacing the command line information?

--
dave

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match

Nov 23 '05 #4
Tom Lane wrote:
At least in Linux, mysql replaces the password in the command line
argument with "xxxxxxxx" so you can't see them via "ps" nor via peeking
into /proc/<PID>/cmdline.
There is a short period where the password is visible though.

Are there any other risks? Or is the reason for not doing this is
because not all OS'es supports replacing the command line information?


You just enumerated two fatal strikes against it; do you need more?
If so, consider the question of where the password on the command line
is going to come from. Allowing that would encourage people to put
passwords into possibly-insecurely-stored scripts. Or, depending on how
complicated the shell script is, there might be ancestor shell processes
that also have the password visible in their arguments ... and they
are certainly not going to know to xxx it out.


Yeah, I have some Perl/Ruby scripts that does "wget --proxy-user ...
--proxy-passwd ..." that reports the output through crontab and I have
to do the XXX-ing manually to prevent everyone that receives the cron
output to read the username/password. Should've stored the password in
~/.wgetrc too, I guess.
The ~/.pgpass technique is secure on every Unix, and we can *check* that
it's secure, by refusing to use .pgpass if it's got group or world
access allowed.


I love the Postgres community. It's all about doing things _properly_. :-)

--
dave

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Nov 23 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
51
6952
How about "pure virtual methods"?
by: Noam Raphael | last post by:
Hello, I thought about a new Python feature. Please tell me what you think about it. Say you want to write a base class with some unimplemented methods, that subclasses must implement (or maybe even just declare an interface, with no methods implemented). Right now, you don't really have a way to do it. You can leave the methods with a "pass", or raise a NotImplementedError, but even in the best solution that I know of,
Python
13
29490
about "export" keyword
by: DarkSpy | last post by:
many c++ compilers including "gcc" have not implemented the "export" keyword, but the comeau compilers made it (just i knew). i want to know about: is it too difficult to implement "export" keyword? if it is, i know the history that is without "export" keyword of C++ compilers with five years (sorry about my poor english :-) ), in five years still have no some idea to implement it ? my project and many C++ programmers need this important...
C / C++
81
7295
Two Questions about "strlen", "strcat" and "strcpy"
by: Matt | last post by:
I have 2 questions: 1. strlen returns an unsigned (size_t) quantity. Why is an unsigned value more approprate than a signed value? Why is unsighned value less appropriate? 2. Would there be any advantage in having strcat and strcpy return a pointer to the "end" of the destination string rather than returning a
C / C++
9
2518
Two questions about "partial classes"
by: Gomaw Beoyr | last post by:
Two question about the "partial classes" (in the next wersion of ..NET). Question 1 ========== Will partial classes (in the next version of C#) have to be declared "partial" in ALL places. I.e. do we have to need to write:
C# / C Sharp
5
1566
Any difference about "me" or without "me"
by: Agnes | last post by:
For my own practices. I like to put "Me". e.g IF Me.txtInvoice.textlength = 0 ....... etc Me.txt.....etc However, Is there any difference (without Me) ?? Thanks
Visual Basic .NET
0
363
about "pg_dump " without pompt password
by: Ying Lu | last post by:
Hello all, Is it possible that we setup the password in the pg_dump command line instead of let users input it through prompt command. E.g., pg_dump test -c -d --host=localhost -U testUser1 --file='a.dmp' --no-privileges Thanks a lot! Ly
PostgreSQL Database
1
2343
Question about "'size' px"
by: Riverburn | last post by:
I have a very small question regarding the px notation (with a lot of text though). is there a reason Mozilla cannot read the following css: .box{ width:500 px; } ? because opera can show this without a problem. I'm no Opera zealot, However, since mozilla is supposed to be the best, I guess they must have a reason to misread that space, because this he renders without problem: .box{
HTML / CSS
7
1817
question about "same origin policy"
by: funktacular | last post by:
Hi- I have script that works fine when I run it from a server, but I need to be able to load the page and have it work from my hard drive. However, it seems the when the url changes from http://www.mydomain.com/default.html to file:///D:/folder_name/default.html that the browser thinks the frames are coming from different domains. I'm still pretty new to javascript and I am wondering if there is a way around this so I can load from my...
Javascript
1
2835
information about "&quot"
by: manchin2 | last post by:
Hi, Can anybody please provide the information about "&quot" and its use, if possible please provide an example. 1)<tm:bom-expression>{Conf.getEquityConfLookupFields().getEventFieldText(&quot;AdditionalDisruption&quot;,&quot;Change in Law&quot;)}</tm:bom-expression> 2)07:41:08 Default ( call ( . ( call ( . Conf getEquityConfLookupFields ) ) getEventFieldText ) ( , AdditionalDisruption Change inLaw ) ) value=Not applicable Can you please...
XML
0
8863
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8779
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
7376
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
6187
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5660
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4186
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4356
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2765
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
1761
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us