BUG #8438: Usage of Pipe operator in Windows(CMD.exe) shows the password typed with any PG utility.
The following bug has been logged on the website:
Bug reference: 8438
Logged by: Raghav
Email address: raghavendra.rao@enterprisedb.com
PostgreSQL version: 9.2.2
Operating system: Windows
Description:
Hi,
I have PostgreSQL 9.2 instance on Windows 7 running in MD5 authentication
mode. Anytime I connect I need to pass the password for connection. When I
try to connect from command prompt using PIPE ('|") operator; and the
password I type is visible(shown) instead of hiding it. For example in
linux, any password typed when prompted will not show it just hides it.
Which seems not the same in windows. Please look at the example below:
1. Go to command prompt (runas /user:postgres "cmd.exe")
2. Pass the some command using pipe operator to Psql (or any utility).
c:\Program Files\PostgreSQL\9.2\bin>echo select version(); | psql -p 5433
Password: postgres
version
-------------------------------------------------------------
PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 32-bit
(1 row)
If you see above output, the password I typed as "postgres" is clearly
visible. I didn't tried to reproduce on any other version of PG or Windows.
Below are my version details:
Operating System: Windows 7 64 bit
PostgreSQL: PostgreSQL 9.2.2
For any further information required, I would be glad to share if its sent
to my email id: raghavendra.rao@enterprisedb.com.
Thank you .
---
Regards,
Raghavendra
EnterpriseDB Corporation
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
On Fri, Sep 6, 2013 at 05:35:57AM +0000, raghavendra.rao@enterprisedb.com wrote:
I have PostgreSQL 9.2 instance on Windows 7 running in MD5 authentication
mode. Anytime I connect I need to pass the password for connection. When I
try to connect from command prompt using PIPE ('|") operator; and the
password I type is visible(shown) instead of hiding it. For example in
linux, any password typed when prompted will not show it just hides it.
Which seems not the same in windows. Please look at the example below:1. Go to command prompt (runas /user:postgres "cmd.exe")
2. Pass the some command using pipe operator to Psql (or any utility).
c:\Program Files\PostgreSQL\9.2\bin>echo select version(); | psql -p 5433
Password: postgresversion
-------------------------------------------------------------
PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 32-bit
(1 row)If you see above output, the password I typed as "postgres" is clearly
visible. I didn't tried to reproduce on any other version of PG or Windows.
Below are my version details:Operating System: Windows 7 64 bit
PostgreSQL: PostgreSQL 9.2.2For any further information required, I would be glad to share if its sent
to my email id: raghavendra.rao@enterprisedb.com.
I checked on our code and this is what we use in simple_prompt() on
Windows to turn off echo:
/* get a new handle to turn echo off */
t_orig = (LPDWORD) malloc(sizeof(DWORD));
t = GetStdHandle(STD_INPUT_HANDLE);
/* save the old configuration first */
GetConsoleMode(t, t_orig);
/* set to the new mode */
SetConsoleMode(t, ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT);
I think the last line is turning off ENABLE_ECHO_INPUT:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686033%28v=vs.85%29.aspx
Obviously it isn't working for you. Does anyone else see the psql typed
password echoed on Windows?
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs