> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > We can hide it but it will be visible for a short period, and many
> > operating systems either don't allow us to modify the ps args or have
> > ways of circumventing custom ps display, i.e. it doesn't show updated ps
> > display if the process is swapped out because ps can't get to the
> > user-space definitions of the custom args.
>
> Yes, passwords in command-line arguments are *way* too dangerous.
>
> I had always thought that environment vars were secure, though, and was
> surprised to learn that there are Unix variants wherein they're not.
>
> I still like the idea of arguments and/or env vars that give the name
> of a file in which to look for the password, however. Perhaps the file
> contents could be along the lines of
>
> username host password
>
> and libpq would look for a line matching the PGUSER and PGHOST values it
> already has. (compare the usage of .netrc, .cvspass, etc). Maybe there
Yes, this is more powerful than the environment variable anyway. We
only have to decide how to specify missing fields. Asterisk?
> could even be a default assumption that we look in "$HOME/.pgpass",
> without having to be told? Or is that too Unix-centric?
You mean like we do for .psqlrc. Good idea.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
