> Lincoln Yeoh <lyeoh@pop.jaring.my> writes:
> > At 01:08 AM 11/28/01 -0500, Tom Lane wrote:
> >> ... Password auth sucks from a convenience point of view
> >> (or even from a possibility point of view, for scripts; don't forget
> >> the changes that you yourself recently applied to guarantee that a
> >> script *cannot* supply a password to psql).
>
> > Ack. We can't send in passwords to psql anymore? :(
>
> Well, Bruce, you were the one that was hot to make that /dev/tty change.
> Time to defend it.
OK, I remember now. The issue was how to handle:cat file | psql test
In previous releases, you _had_ to have the password as the first line
in file. In the current code, if you are running from a terminal, you
supply the password from the keyboard. If you are running from a batch
job that has no terminal (/dev/tty), you must have the password as the
first line in the file.
People were complaining about the old behavior.
I modeled the changes after the BSD getpass(), which I assume is the
standard behavior on most unixes.
It would be nice to extend .psqlrc to allow storage of passwords, but
that is only read by psql and not by all libpq applications. Not sure
how to handle this.
I will document the security problem with PGPASSWORD and add a TODO item
to remove it in 7.3. Is that OK with everyone?
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
