From: Steve Singer <ssinger@ca.afilias.info>
Date: Thu, 8 Nov 2012 17:58:42 +0000 (-0500)
Subject: set the PGPASSWORD file to read-only, then close and unlink it
X-Git-Tag: REL_2_2_0_B3~12^2~5
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=c9820e6aa53bbfc3eeeb93550b1560d660d64da6;p=slony1-engine.git

set the PGPASSWORD file to read-only, then close and unlink it
---

diff --git a/tools/altperl/slon-tools.pm b/tools/altperl/slon-tools.pm
index 2ee4e795..4072ccfd 100644
--- a/tools/altperl/slon-tools.pm
+++ b/tools/altperl/slon-tools.pm
@@ -238,8 +238,11 @@ limit 1)
   my $result;
   if ($passwd) {
      my ($fh, $filename) = tempfile();
+     chmod( 0600, $filename);
      print $fh "$host:$port:$dbname:$dbuser:$password";
+     close $fh;
      $result=`PGPASSFILE=$filename @@PGBINDIR@@/psql -p $port -h $host -U $dbuser -c "$query" --tuples-only $dbname`;
+     unlink $filename;
   } else {
      $result=`@@PGBINDIR@@/psql -p $port -h $host -U $dbuser -c "$query" --tuples-only $dbname`;
   }
@@ -326,8 +329,11 @@ limit 1;   --- One such entry is sufficient...
   my $result;
   if ($passwd) {
      my ($fh, $filename) = tempfile();
+     chmod(0600,$filename);
      print $fh "$host:$port:$dbname:$dbuser:$password";
+     close $fh;
      $result=`PGPASSFILE=$filename @@PGBINDIR@@/psql -p $port -h $host -U $dbuser -c "$query" --tuples-only $dbname`;
+     unlink $filename;
   } else {
      $result=`@@PGBINDIR@@/psql -p $port -h $host -c "$query" -U $dbuser --tuples-only $dbname`;
   }