Closed
Description
The PostgreSQL dumping code produces a database URI that is then passed verbatim on the pg_dump command-line.
Command lines are considered public, because normally, everyone with shell access to a system can read them (by calling ps or looking inside /proc).
All utilities using libpq can be configured using environment variables for this exact reason, which I will propose in a merge request.
As of Django 3.2, the DatabaseClient class will have a settings_to_cmd_args_env method that does exactly this, but we cannot yet use it for backwards compatibility.
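The difference described above, as an added example that is not the project's code or the proposed merge request: the URI form puts the password into argv, while the environment form hands the same settings to pg_dump through libpq's standard variables. The function names and the sample settings are assumptions constructed for illustration.

```python
import os
from urllib.parse import quote

# Constructed sample settings in Django's DATABASES layout (not from the project).
SAMPLE_DB = {
    "NAME": "appdb",
    "USER": "backup",
    "PASSWORD": "s3cr3t-example",
    "HOST": "db.internal.example",
    "PORT": "5432",
}

# libpq environment variable -> Django settings key
LIBPQ_ENV = {
    "PGHOST": "HOST",
    "PGPORT": "PORT",
    "PGUSER": "USER",
    "PGPASSWORD": "PASSWORD",
    "PGDATABASE": "NAME",
}


def uri_cmd(db):
    """The pattern the issue describes: the credentials end up in argv."""
    uri = "postgresql://{}:{}@{}:{}/{}".format(
        quote(db["USER"], safe=""), quote(db["PASSWORD"], safe=""),
        db["HOST"], db["PORT"], quote(db["NAME"], safe=""),
    )
    return ["pg_dump", "--dbname", uri]


def env_cmd(db, base_env=None):
    """Return (argv, env) with every connection parameter kept out of argv."""
    env = dict(os.environ if base_env is None else base_env)
    for var, key in LIBPQ_ENV.items():
        if db.get(key):
            env[var] = str(db[key])
    # --no-password makes pg_dump fail instead of prompting if PGPASSWORD is absent.
    return ["pg_dump", "--no-password"], env


def argv_leaks(argv, secret):
    """True if the secret is visible in what ps or /proc/<pid>/cmdline would show."""
    return any(secret in arg for arg in argv)


if __name__ == "__main__":
    argv, env = env_cmd(SAMPLE_DB, base_env={})
    print("URI form leaks:", argv_leaks(uri_cmd(SAMPLE_DB), SAMPLE_DB["PASSWORD"]))
    print("env form leaks:", argv_leaks(argv, SAMPLE_DB["PASSWORD"]))
    # To run the dump: subprocess.run(argv, env=env, check=True)
```
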