Re: worried about PGPASSWORD drop
From | Bruce Momjian |
---|---|
Subject | Re: worried about PGPASSWORD drop |
Date | |
Msg-id | 200208281413.g7SEDCL14546@candle.pha.pa.us |
In response to | Re: worried about PGPASSWORD drop (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: worried about PGPASSWORD drop |
List | pgsql-general |
Tom Lane wrote:
> It is not our job to dictate security policy to users. Even on a
> platform where environment variables are insecure, the user might be
> willing to use PGPASSWORD. For example, suppose it's a laptop with
> only one user, connecting via psql to a remote server that demands
> passwords. PGPASSWORD could be a perfectly convenient and safe
> solution.

Good point.

> We should deprecate it, explain exactly why it's deprecated (which the
> current docs fail to do), and leave it up to the user to decide whether
> it's safe to use in his context.
>
> If you want to put in security restrictions that are actually useful,
> where is the code to verify that PGPASSWORDFILE points at a
> non-world-readable file? That needs to be there now, not later, or
> we'll have people moaning about backward compatibility when we finally
> do plug that hole.

Agreed.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
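
The permission check requested in the quoted text, sketched as an added example; it is not code from this thread or from libpq. The function and enum names are hypothetical, and the sketch goes beyond "non-world-readable" by also rejecting group access and files owned by another user.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum pwfile_status { PWFILE_OK = 0, PWFILE_OPEN_FAILED, PWFILE_NOT_REGULAR,
                     PWFILE_WRONG_OWNER, PWFILE_LOOSE_PERMS };

/* Open first, then fstat() the descriptor, so the checks apply to the
 * file that will actually be read (no check-then-open race). On success
 * *fd_out is a read-only descriptor; on any failure it is -1. */
enum pwfile_status open_password_file(const char *path, int *fd_out)
{
    struct stat st;
    enum pwfile_status rc = PWFILE_OK;
    int fd;

    *fd_out = -1;
    fd = open(path, O_RDONLY | O_NONBLOCK); /* O_NONBLOCK: never hang on a FIFO */
    if (fd < 0)
        return PWFILE_OPEN_FAILED;
    if (fstat(fd, &st) != 0)
        rc = PWFILE_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = PWFILE_NOT_REGULAR;            /* directory, device, FIFO, ... */
    else if (st.st_uid != geteuid())
        rc = PWFILE_WRONG_OWNER;            /* someone else controls the file */
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = PWFILE_LOOSE_PERMS;            /* any group/other bit, e.g. 0644 */

    if (rc != PWFILE_OK) {
        close(fd);
        return rc;
    }
    *fd_out = fd;
    return PWFILE_OK;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    enum pwfile_status rc = open_password_file(argv[1], &fd);
    printf("%s: status %d\n", argv[1], (int)rc);
    if (fd >= 0) close(fd);
    return rc == PWFILE_OK ? 0 : 1;
}
```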