Tom Lane wrote:
> It is not our job to dictate security policy to users. Even on a
> platform where environment variables are insecure, the user might be
> willing to use PGPASSWORD. For example, suppose it's a laptop with
> only one user, connecting via psql to a remote server that demands
> passwords. PGPASSWORD could be a perfectly convenient and safe
> solution.
Good point.
> We should deprecate it, explain exactly why it's deprecated (which the
> current docs fail to do), and leave it up to the user to decide whether
> it's safe to use in his context.
>
> If you want to put in security restrictions that are actually useful,
> where is the code to verify that PGPASSWORDFILE points at a
> non-world-readable file? That needs to be there now, not later, or
> we'll have people moaning about backward compatibility when we finally
> do plug that hole.
Agreed.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073