Re: postgresql-7.1.3 pg_ctl password authentication and startup - Mailing list pgsql-patches

From Tom Lane
Subject Re: postgresql-7.1.3 pg_ctl password authentication and startup
Date
Msg-id 24569.1002867914@sss.pgh.pa.us
In response to Re: postgresql-7.1.3 pg_ctl password authentication and startup  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-patches
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Can I get comments on this?

Ugh.

> It allows storage of a super-user password
> in a file under /data that gets passed in psql.  I don't like the fact
> the password is stored unencrypted

Entirely unacceptable IMHO.  We just spent a large amount of work to
eliminate the need to keep any unencrypted passwords inside $PGDATA
... and this patch proposes to sling one right back in there, in an
easy-to-find place no less.  Mess up the protection on $PGDATA, and
you've given away the store.

pg_ctl is certainly in need of work for systems that use password
security, but this is not a good fix.

            regards, tom lane
