hubert depesz lubaczewski <depesz@gmail.com> writes:
> Giving password as command line option would show it to everybody.
Exactly.
> On the other hand - plaintext file should have privileges set so that
> noone, except for owner of the account from which you're running
> psql/pg_dump/pg_restore, can read it.
> If you prefer, you can set PGPASSWORD environment variable - it will also
> be used by all 3 of these programs (and most other).
Note that environment variables are also unsafe on some platforms, though
(I think) not all. The .pgpass solution is actually quite the safest one.
regards, tom lane
