[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (sql-postgres-login-params): Add user and database defaults.
From: |
Sam Steingold |
Subject: |
Re: (sql-postgres-login-params): Add user and database defaults. |
Date: |
Tue, 11 Nov 2014 14:37:10 -0500 |
On Mon, Nov 10, 2014 at 9:49 PM, Michael Mauger <address@hidden> wrote:
> On Monday, November 10, 2014 4:15 PM, Sam Steingold <address@hidden> wrote:
>>> * Michael Mauger <address@hidden> [2014-11-09 23:39:24 +0000]:
>>>> On Friday, November 7, 2014 2:37 PM, Sam Steingold <address@hidden> wrote:
>>>> Why did you add defaults to the sql-postgres-login-params option?
>>>> No other sql-<product>-login-params have them.
>>I don't think these defaults are useful (to put it mildly).
> So, do you recommend removing the defaults entirely (as opposed to offering
> an alternative) for both username and database?
yes, I recommend that they are set to the flat list like other products
> Are there any others who would like to be heard on this topic? Without
> additional feedback, I'll go ahead and remove the defaults.
you sent your email to me only, not to the list.
this reply goes to the list.
> Again the lack of prompting/storing of the password is not due the the
> security concern but because the password cannot be passed directly on the
> command line. MySql and Oracle support grab the password and pass the
> password along with the username on the command line; resulting in the
> security bug submission. The implementation of passing passwords on the
> command line pre-dates my involvement in sql.el, so while I can't accept
> blame for the shortcoming, I do accept responsibilty for building a working
> solution. I'm hacking on it currently.
Thanks!
Sam