The typical way to do this is to use .pgpass in the user's home
directory. Does that help?
---------------------------------------------------------------------------
Olivier Thauvin wrote:
>
> The following bug has been logged online:
>
> Bug reference: 1567
> Logged by: Olivier Thauvin
> Email address: nanardon@nanardon.homelinux.org
> PostgreSQL version: 8.0.1
> Operating system: Linux (Mandrake cooker)
> Description: can't hide password with pg_autovacuum
> Details:
>
> I found an security with pg_autovacuum :(
> After looking the README and --help, it seems there is no way to start it
> with a configuration file.
>
> This is not a problem except when the database is password protected, so you
> have to use -P option to get it started (no prompt excpet I missed
> something).
>
> The potential issue come from ps, the password is show in clear:
>
> nanardon 28664 0.4 0.0 3644 1384 ? Ss 04:05 0:00 pg_autovacuum
> -D -s rpm2sql -PXXXXXX
>
> XXXXXX is my password in clear (hidden here of course).
> As you can see, there is enought information here for someone having an
> account on the host to connect to DB with admin privileges on the DB (not as
> postgres user of course, but only the owner of the db can vacuum).
>
> Solution:
> - change the command line after start like some ftp client does
> - having the possiblility to read password from a file
> - taking password from envirronment variable (AUTOVACUUM_PASS=pass
> pg_autovacuum...)
>
> If I have any time, I will try to provide a patch, but my knowledge in C are
> too poor to ensure quality :(
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: the planner will ignore your desire to choose an index scan if your
> joining column's datatypes do not match
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
