Lamar Owen <[EMAIL PROTECTED]> writes:
>> Ah. See, we already have a failure in a security analysis here. This
>> command:
>> CREATE DATABASE foo WITH LOCATION = 'BAR'
>> uses a string that's in the environment.
> And requires you to be a database superuser anyway.

CREATE DATABASE does not require superuser privs, only createdb which is not usually considered particularly dangerous.

Whether you think that there is a potentially-exploitable security hole here is not really the issue. The point is that two different arguments have been advanced against using environment variables for configuration (if you weren't counting, (1) possible security issues now or in the future and (2) lack of consistency between manual and boot-script startup), while zero (as in 0, nil, nada) arguments have been advanced in favor of using environment variables instead of configuration files. I do not see why we are debating the negative when there is absolutely no case on the positive side.

regards, tom lane