Jonah H. Harris wrote:
> On Mon, Mar 16, 2009 at 8:50 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
>
> > Heikki Linnakangas <heikki.linnakan...@enterprisedb.com> writes:
> > > Hmm, I wonder if you could do something malicious with it.
> >
> > There are any number of scenarios where exposing the client command-line
> > contents to other database users represents a security hole, quite
> > independently of whether anything falls over depending on the line
> > contents.  (I wonder whether there are any Oracle clients that accept
> > a password on the command line, for instance.)
>
> Sure they let you pass the password on the command line, but they don't
> recommend it.  Most of the utilities accept the syntax:
>
> utility user/p...@instance
>
> Just doing u...@instance will generally prompt for a password.
>
> Ahh, the number of passwords I've recovered from shell history files as a
> consultant... good times :)
>
> > The only reason this complaint is directed to us, and not Oracle,
> > is that the complainant knows how far he's likely to get complaining
> > to Oracle :-(
>
> I don't doubt that.  But, like I said, it's really a matter of the
> application name.  In our case, Postgres falls into that corner case and we
> either choose to do something about it or we don't.  I put the temporary
> solution out there for anyone that has the problem.  If we want to fix it
> long-term, we'd have to look at one of the previously discussed alternatives
> to using (port).  I don't particularly care one way or another, but if we
> were to change the ps line format, I just wanted to say that I preferred
> host:port rather than host(port).

I think I was the one who originally added the port in parentheses, and
I agree that a colon would have made more sense, but I never thought of
it.

    postgres test 127.0.0.1(57966) idle

vs.

    postgres test 127.0.0.1:57966 idle

In fact my old BSD ps looks like:

    postgres test 127.0.0.1(58013) idle (postmaster)

The old argv[0] is in parentheses.

I think any serious tools are now using pg_stat_activity.  I say we make
the change in 8.4 and just document it.  I wouldn't make the change for
Oracle but rather for clarity.

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
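
Added example, not part of the thread or of PostgreSQL's code: a tolerant parser for the ps title lines quoted above, of the kind a monitoring script that still reads ps output would need if the format changed from host(port) to host:port. The field names, the `parse_ps_title` function and the restriction to the single-name, IPv4/hostname layout of the samples are assumptions of this example.

```python
import re

# Layout taken from the sample lines in the message above:
#   postgres <name> <host>(<port>) <state> [(<old argv[0]>)]
# with <host>:<port> as the proposed alternative. Assumption: hosts contain
# no colons or parentheses, as in the samples (IPv4 address or hostname).
PS_TITLE = re.compile(
    r"""^postgres\s+
        (?P<name>\S+)\s+
        (?P<host>[^\s():]+)
        (?:\((?P<pport>\d+)\)|:(?P<cport>\d+))\s+
        (?P<state>.+?)
        (?:\s+\((?P<argv0>[^()]+)\))?\s*$""",
    re.VERBOSE,
)

def parse_ps_title(line):
    """Return the fields of one ps title line, or None if it does not fit."""
    m = PS_TITLE.match(line.strip())
    if m is None:
        return None
    port = int(m.group("pport") or m.group("cport"))
    if not 0 < port < 65536:
        return None  # digits present but not a valid TCP port
    return {
        "name": m.group("name"),
        "host": m.group("host"),
        "port": port,
        "style": "paren" if m.group("pport") else "colon",
        "state": m.group("state"),
        # Old BSD ps appends the original argv[0] in parentheses.
        "argv0": m.group("argv0"),
    }

# The three lines quoted in the message, plus one constructed malformed line.
SAMPLES = [
    "postgres test 127.0.0.1(57966) idle",
    "postgres test 127.0.0.1:57966 idle",
    "postgres test 127.0.0.1(58013) idle (postmaster)",
    "postgres test 127.0.0.1 idle",  # constructed: no port at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_ps_title(sample))
```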