Hello,
In Unix, the command line of all users is public, and when using a connection string, sensitive data (the password) is passed unencrypted.
I think some Linux/Unix command-line utilities do clear the command line on initialization to prevent leaking sensitive information that needs to be passed over the command line.
I have tested that the psql client does not clear the password from the command-line string when a non-privileged user reviews the process.
To reproduce:
psql "postgresql://postgres:password@localhost:5432/database" -c "SELECT clock_timestamp(),pg_sleep(200),clock_timestamp()" &
[220068]
ps -f -p 220068
/usr/lib/postgresql/12/bin/psql postgresql://postgres:password@localhost:5432/database
Best regards,
Luis J. Diaz
Web Developer
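
A defensive check for the exposure reported above, as an added example that is not part of the original message or of PostgreSQL: it flags processes whose arguments carry a `scheme://user:password@host` URI and prints them with the password redacted. The function names and the sample process list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit process arguments for connection-URI passwords.
# Function names are hypothetical; the sample data below is constructed.

# Replace the password in any scheme://user:password@host URI with a marker.
redact_uri_password() {
    printf '%s\n' "$1" | sed -E \
        's#([a-zA-Z][a-zA-Z0-9+.-]*://[^:/@[:space:]]+):[^@/[:space:]]+@#\1:[REDACTED]@#g'
}

# Exit status 0 when the string contains a URI with an embedded password.
has_uri_password() {
    [ "$(redact_uri_password "$1")" != "$1" ]
}

# Read "PID ARGS" lines (the shape of `ps -eo pid=,args=`) from stdin and
# report offenders. Only the redacted form is printed, so the audit report
# does not repeat the secret it found.
audit_cmdlines() {
    local pid args
    while read -r pid args; do
        if has_uri_password "$args"; then
            printf 'pid %s exposes a password in argv: %s\n' \
                "$pid" "$(redact_uri_password "$args")"
        fi
    done
    return 0
}

# Constructed sample: the process from the report, the same client started
# with a password-free URI, and an unrelated process.
SAMPLE_PS='220068 /usr/lib/postgresql/12/bin/psql postgresql://postgres:password@localhost:5432/database
220070 /usr/lib/postgresql/12/bin/psql postgresql://postgres@localhost:5432/database
220071 sshd: luis@pts/0'

printf '%s\n' "$SAMPLE_PS" | audit_cmdlines
```

On a live host, feed it `ps -eo pid=,args= | audit_cmdlines`. A password that libpq reads from `~/.pgpass` (or the file named by `PGPASSFILE`) never appears in argv, so the second sample line is not flagged.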