PG Bug reporting form <noreply@postgresql.org> writes:
> Under Linux, when supplying the password via PGPASSWORD to the psql command
> the password can be easily retrieved from the /proc/$pid/environ pseudo file
> (or indirectly with e.g. `ps ae`) - for the complete runtime of the psql
> process.
This is true on many OSes. Generally speaking, we deprecate use of
PGPASSWORD at all on such platforms. Having psql try to clear it out
seems rather pointless to me, as (a) that does nothing for instances
of the value that appear in the environments of ancestor processes,
and (b) I doubt there is any platform-independent way to hide it.
FWIW, Postgres offers a number of other authentication mechanisms
that can be both more secure and more convenient than passwords.
regards, tom lane