Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opensup

> 
> > Of course, given that most OS's don't have the 'ps' environment
> problem,
> > maybe we have to keep PGPASSWORD around.  It is up to the group.  Do
> > people want me to change my wording of the option in the SGML sources?
> > 
> >   <envar>PGPASSWORD</envar>
> >   sets the password used if the backend demands password
> >   authentication. This is not recommended because the password can
> >   be read by others using a <command>ps</command> environment flag
> >   on some platforms.
> 
> I think the wording is good. I would keep supporting the envar.
> 
> What exactly speaks against a commandline switch, that gets hidden
> with the postmaster argv trick, and a similar notice as for PGPASSWORD.
> For me, this would be the most convenient form of supplying a password
> (if I used db side passwords :-).

We can hide it but it will be visible for a short period, and many
operating systems either don't allow us to modify the ps args or have
ways of circumventing custom ps display, i.e. it doesn't show updated ps
display if the process is swapped out because ps can't get to the
user-space definitions of the custom args.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026