Re: BUG #15930: Redact PGPASSWORD environment variable in psql - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #15930: Redact PGPASSWORD environment variable in psql
Date
Msg-id 20360.1564241009@sss.pgh.pa.us
Whole thread Raw
In response to BUG #15930: Redact PGPASSWORD environment variable in psql  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #15930: Redact PGPASSWORD environment variable in psql
List pgsql-bugs
PG Bug reporting form <noreply@postgresql.org> writes:
> Under Linux, when supplying the password via PGPASSWORD to the psql command
> the password can be easily retrieved from the /proc/$pid/environ pseudo file
> (or indirectly with e.g. `ps ae`) - for the complete runtime of the psql
> process.

This is true on many OSes.  Generally speaking, we deprecate use of
PGPASSWORD at all on such platforms.  Having psql try to clear it out
seems rather pointless to me, as (a) that does nothing for instances
of the value that appear in the environments of ancestor processes,
and (b) I doubt there is any platform-independent way to hide it.

FWIW, Postgres offers a number of other authentication mechanisms
that can be both more secure and more convenient than passwords.

            regards, tom lane



pgsql-bugs by date:

Previous
From: PG Bug reporting form
Date:
Subject: BUG #15930: Redact PGPASSWORD environment variable in psql
Next
From: Tom Lane
Date:
Subject: Re: Multiple inheritance and ALTER TABLE issue