Re: [PATCH] pgpassfile connection option
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Oskari Saarenmaa <os@ohmu.fi>
Cc: Julian Markwort <julian.markwort@uni-muenster.de>,
Andrew Dunstan <andrew@dunslane.net>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2016-10-18T15:55:16Z
Lists: pgsql-hackers
On Tue, Oct 11, 2016 at 5:06 PM, Oskari Saarenmaa <os@ohmu.fi> wrote: > $ PASSWORD=xyz psql 'password=$PASSWORD dbname=foo' > > This does have the hazard of making it very easy to accidentally use double > quotes instead of single quotes and have the shell expand the variable > making it visible in process listing though. It has the hazard that environment variables are visible in the process listing anyway on many platforms. On Linux, try "ps auxeww"; on MacOS X, try "ps -efEww". At a quick glance, it seems that on both of those platforms you have to either be root or be the same user that owns the process, but I'm not sure that every platform will have it locked down that tightly and even that might be more exposure than you really want. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Allow password file name to be specified as a libpq connection parameter.
- ba005f193d88 10.0 landed