Bruce Momjian wrote:
> Kevin Brannen wrote:
>
>>Bruce Momjian wrote:
>>...
>>
>>>7.3 may remove PGPASSWORD, I think, and instead allow you to specify a
>>>file that contains the password.
>>
>>But do you know how many hours it took me to find out about PGPASSWORD
>>in the docs and now you want to change that? :-)
>>
>>How about all 4 approaches: on the command-line, from an env-var, from
>>a file, and finally prompting if there's a tty. Pick any order you want
>>on the first 3, but flexibility is important, and circumstances do
>>change over time that may make 1 more desireable then the others.
>
>
> PGPASSWORD is a security problem on platforms that can show environment
> variables, mostly *BSD's, and most people don't know it is visible.
>
Yes, that was part of my point. By having multiple ways to pass the
password (coded in 1 library function that can be used everywhere),
people can pick what works for them. If their platform has a security
problem with env-var, they can ignore that and use one of the other
approaches. Or if they have my situation where Postgres only runs on a
personal development machine or on the production machine where no one
but admins logon to, then we can use one of the more simple approaches
(passing it on the command-line or via STDIN). Witness the fact that
there's been a patch for 7.2.x recently posted to change the
functionality back to reading the password from STDIN.
Flexibility is a good thing. :-) I'll even go so far as to say it's
important enough that if you, or someone else on the design team, will
give me the order of where to check, I'll even write the library
function. The order I would propose would be: env-var, command-line,
STDIN, interactive prompt if we have a tty. Reorder as you see fit.
Kevin
p.s. if this goes further, this probably belongs on a hackers/developers
list, but I don't subscribe to that.