Thread: specifying a password on the cmd line for db connect

Gauthier, Dave wrote:

Hi:

 

Is there a way to require and specify a password at the cmd line for a connect?

You don't want to do that because any user on the system can see the command, and thus the password.  You want to use a .pgpass file instead:

http://www.postgresql.org/docs/8.4/interactive/libpq-pgpass.html

-- 
Greg Smith    2ndQuadrant   Baltimore, MD
PostgreSQL Training, Services and Support
greg@2ndQuadrant.com  www.2ndQuadrant.com

On 16/11/2009 22:51, Gauthier, Dave wrote:
> Hi:
>
> Is there a way to require and specify a password at the cmd line for a connect?  At first glance...
>
> --username foo  --password fee
>
> would seem to be what I want.  But it just prompts me for a password (after interpreting "fee" as the DB name).

Hi there,

There are no options such as these....what you do instead is use a
pgpass file:

  http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html

Ray.

--
Raymond O'Donnell :: Galway :: Ireland
rod@iol.ie

On 16/11/2009 23:05, Raymond O'Donnell wrote:
> On 16/11/2009 22:51, Gauthier, Dave wrote:
>> --username foo  --password fee

[snip]

> There are no options such as these....what you do instead is use a

Actually, to correct myself, there *are* these options - but the
--password option just forces a password prompt - it doesn't actually
allow you to specify the password.

Have a look at psql --help for all the options.

Ray.

--
Raymond O'Donnell :: Galway :: Ireland
rod@iol.ie

Hi Dave,

You can always use the environment variable PGPASSWORD to do that.
Though - it is not recommended to use for security reason. :(
Please follow the link for the details.
http://www.postgresql.org/docs/8.3/static/libpq-envars.html

On 2009-11-16, Gauthier, Dave <dave.gauthier@intel.com> wrote:
> --_000_482E80323A35A54498B8B70FF2B87980042237CF64azsmsx504amrc_
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> Hi:
>
> Is there a way to require and specify a password at the cmd line for a conn=
> ect?  At first glance...

PGPASSWORD=fee  psql --username foo ...

><html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
> hemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-html40">

for winders

set PGPASSWORD=fee
psql --username foo ....

On 2009-11-17, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
> --000e0cd211e054ab9404788a05cf
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Dave,
>
> You can always use the environment variable PGPASSWORD to do that.
> Though - it is not recommended to use for security reason. :(

as long as it's not in the default environment it's better than a
command-line password.

Jasen Betts <jasen@xnet.co.nz> writes:
> On 2009-11-17, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
>> You can always use the environment variable PGPASSWORD to do that.
>> Though - it is not recommended to use for security reason. :(

> as long as it's not in the default environment it's better than a
> command-line password.

On some platforms it's possible to see all of a process's environment
variables using ps-like tools.  That's why PGPASSWORD is deprecated.
If you're certain that your platform is not like this, then
"export PGPASSWORD=foo" is probably reasonably safe.  On the whole,
though, a .pgpass file is probably safer as well as more convenient.

            regards, tom lane