Tom Lane wrote:
> On many platforms, it's possible for other users to see the environment
> variables of a process. So PGPASSWORD is really quite insecure.
As said in https://www.postgresql.org/docs/current/static/libpq-envars.html
"PGPASSWORD behaves the same as the password connection parameter. Use of this environment variable is not recommended
forsecurity reasons, as some operating systems allow non-root users to see process environment variables via ps;
insteadconsider using a password file"
I understand this in the context that PostgreSQL runs on many
operating systems, including ancient ones.
But in the case that the target platform is not afflicted by
"the environment is public" problem, what's best between
PGPASSWORD and .pgpass is a judgment call. Personally
I'm unimpressed by the recommendation above seemingly
favoring the latter, as if it hadn't its own problems.
Best regards,
--
Daniel Vérité
PostgreSQL-powered mailer: http://www.manitou-mail.org
Twitter: @DanielVerite
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
