Oliver Jowett <oliver@opencloud.com> writes:
> My main objections to using .pgpass are:
> - the script/application itself has no business meddling with .pgpass
It isn't. The password sits in .pgpass and is never touched by the
script. Really the script doesn't know it is there. (For that matter,
I don't think the script has any business assuming that database access
protection involves a password at all; much less wanting to be involved
in the management of that password.)
> - the user might not want to store their password in .pgpass
Without a concrete argument why they should not, this is a straw man.
> - reprompting for the password every time a tool is invoked is at best a
> major annoyance, and at worst impossible to do.
Agreed, which is why we invented .pgpass. But that argument scales up
to beyond one invocation of this hypothetical script, does it not?
regards, tom lane
