Hi

On Mon, 27 Dec 2021 at 9:55, Alexey Murz Korepov <mur...@gmail.com> wrote:

> MySQL in version has deprecated the `MYSQL_PWD` environment variable,
> because they consider this way insecure, quote from
> https://dev.mysql.com/doc/refman/8.0/en/environment-variables.html#idm45429554761920
> :
>
> >  Use of MYSQL_PWD to specify a MySQL password must be considered
> extremely insecure and should not be used. Some versions of ps include an
> option to display the environment of running processes. On some systems, if
> you set MYSQL_PWD, your password is exposed to any other user who runs ps.
> Even on systems without such a version of ps, it is unwise to assume that
> there are no other methods by which users can examine process environments.
>
> So I want to ask - is there the same plan for PostgreSQL with its
> `PGPASSWORD` environment variable for future versions, or will it stay as
> non-deprecated for future versions, and we can continue to use it without
> worrying?
>

I don't remember any discussion about it. There is a note in the
documentation, so this way is not preferred:

PGPASSWORD behaves the same as the password
<https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-PASSWORD>
connection parameter. Use of this environment variable is not recommended
for security reasons, as some operating systems allow non-root users to see
process environment variables via ps; instead consider using a password
file (see Section 34.16
<https://www.postgresql.org/docs/current/libpq-pgpass.html>).

https://www.postgresql.org/docs/current/libpq-envars.html

Regards

Pavel


> --
> Best regards,
> Alexey Murz Korepov.
> E-mail: mur...@gmail.com
> Messengers: Matrix - https://matrix.to/#/@murz:ru-matrix.org Telegram -
> @MurzNN
>
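
The password file that the quoted documentation recommends over PGPASSWORD, as an added example that is not part of the original thread or the PostgreSQL documentation. The function names `pgpass_escape`, `pgpass_add` and `pgpass_mode_ok` are hypothetical helpers. The example relies on the libpq password file format `hostname:port:database:username:password` and on libpq ignoring the file on Unix when group or others have any access to it.

```shell
#!/bin/sh
# Added example: keep a libpq password in a password file instead of PGPASSWORD.
# Entry format: hostname:port:database:username:password
# A literal ':' or '\' inside a field must be escaped with a backslash.

pgpass_escape() {
    # Escape backslashes first, then colons. The value goes to sed on stdin,
    # so it never appears in another process's argument list.
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g'
}

pgpass_add() {
    # usage: pgpass_add HOST PORT DATABASE USER PASSWORD
    [ "$#" -eq 5 ] || { echo "usage: pgpass_add HOST PORT DB USER PASSWORD" >&2; return 2; }
    file="${PGPASSFILE:-$HOME/.pgpass}"
    line="$(pgpass_escape "$1"):$(pgpass_escape "$2"):$(pgpass_escape "$3"):$(pgpass_escape "$4"):$(pgpass_escape "$5")"
    (
        umask 077                       # a newly created file is owner-only from the start
        printf '%s\n' "$line" >> "$file"
    ) || return 1
    # Tighten an already existing file too: libpq ignores it if it is
    # accessible to group or others.
    chmod 600 "$file"
}

pgpass_mode_ok() {
    # Succeeds only for a regular file whose mode is exactly rw-------
    file="${1:-${PGPASSFILE:-$HOME/.pgpass}}"
    [ -f "$file" ] && [ "$(ls -l "$file" | cut -c1-10)" = "-rw-------" ]
}
```

Source the file and call `pgpass_add` as a shell function; passing the password as an argument to an external command would put it in that command's argument list, which is visible through ps.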
