Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens

> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > I will document the security problem with PGPASSWORD and add a TODO item
> > to remove it in 7.3.  Is that OK with everyone?
> 
> I don't think we should remove it.  Documenting that using it is a
> security risk on some platforms seems a good idea, however.

OK, new text is:
<envar>PGPASSWORD</envar>sets the password used if the backend demands passwordauthentication. This is not recommended
becausethe password canbe read by others using <command>ps -e</command>.
 

I am unsure if Linux has this problem but it seems most other Unix's do.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026