In the TODO list on http://developer.postgresql.org/todo.php,
I found the following entry:
- Remove PGPASSWORD because it is insecure on some OS's, in 7.4
Why?
I see the following problems:
- This will make psql no longer usable in scripts as PGPASSWORD is
currently the *only* way to pass a password to psql
- The alternative (a new command line option for password) is much more insecure,
as then the password is readable by everybody from the process table
In case PGPASSWORD is dropped, there should be a working way to use psql
in scripts. Maybe you could manage to make the following code work:
psql -U user dbname <<EOF
password
/* SQL-Statements */
EOF
(For some strange reason this works with Oracle's sqlplus, but not with psql)
Christoph Dalitz
