Re: [BUGS] PGPASSWORD

[Oliver Jowett]

postgresbugs wrote:
The functionality provided by PGPASSWORD should not be removed 
unless there is a functionality other than .pgpass, which is fine for 
some uses and not for others, that will provide similar functionality. 
That could be psql and pg_dump and the like accepting a password on the 
command line as I stated earlier. 
Putting the password on the command line would be even more of a 
security problem than PGPASSWORD is now. I agree that an alternative to 
,pgpass would be useful, but it needs to be a *secure* alternative.

-O
---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [BUGS] PGPASSWORD

[postgresbugs]

Bruce Momjian wrote:

  postgresbugs wrote:
  
  
Oliver Jowett wrote:



  postgresbugs wrote:

  
  
The functionality provided by PGPASSWORD should not be removed unless 
there is a functionality other than .pgpass, which is fine for some 
uses and not for others, that will provide similar functionality. 
That could be psql and pg_dump and the like accepting a password on 
the command line as I stated earlier. 

  
  
Putting the password on the command line would be even more of a 
security problem than PGPASSWORD is now. I agree that an alternative 
to ,pgpass would be useful, but it needs to be a *secure* alternative.

-O
  

That may be true. Again, I think the option to use or not use PGPASSWORD 
or something similar should be up to the system administrator.

  
  
I have updated the docs to read "not recommended":

  authentication.  This environment variable is not recommended for security

^^^
n	
  

Thanks.
John Griffiths