Bruce Momjian wrote:
postgresbugs wrote:
Oliver Jowett wrote:
postgresbugs wrote:
The functionality provided by PGPASSWORD should not be removed unless
there is a functionality other than .pgpass, which is fine for some
uses and not for others, that will provide similar functionality.
That could be psql and pg_dump and the like accepting a password on
the command line as I stated earlier.
Putting the password on the command line would be even more of a
security problem than PGPASSWORD is now. I agree that an alternative
to ,pgpass would be useful, but it needs to be a *secure* alternative.
-O
That may be true. Again, I think the option to use or not use PGPASSWORD
or something similar should be up to the system administrator.
I have updated the docs to read "not recommended":
authentication. This environment variable is not recommended for security
^^^^^^^^^^^^^^^
n
Thanks.
John Griffiths
|
