In 7.3, these are the docs for PGPASSWORD:

    PGPASSWORD sets the password used if the backend demands password
    authentication. This functionality is deprecated for security reasons;
    consider migrating to PGPASSWORDFILE.

It is more vague on the security issues, but it does recommend a new
feature, PGPASSWORDFILE, which will allow the passwords to be kept in a
file:

    PGPASSWORDFILE sets the password file used if the backend demands
    password authentication. This file should have the format

        hostname:port:database:username:password

    Any of these may be a literal name, or a * that matches anything. The
    first match will be the one used, so put more specific entries first.
    Entries with : or \ should be escaped with \.
---------------------------------------------------------------------------
Ian Barwick wrote:
> On Friday 23 August 2002 17:47, David F. Skoll wrote:
> > On Fri, 23 Aug 2002, Ian Barwick wrote:
> > > AFAIK utilities such as pg_dump prompt for the password but
> > > won't accept it as a command line option, which makes password-based
> > > authentication almost unusable when calling these utilities from a
> > > script.
> >
> > This really should be Question #1 in the FAQ.
> >
> > You can set the environment variable PGPASSWORD to the password, and avoid
> > prompts. This assumes the same username/password has access to all the
> > databases for pg_dumpall.
> >
> > I didn't find this documented anywhere. It probably is, but somewhere
> > buried...
>
> here?:
> http://www.postgresql.org/idocs/index.php?libpq-envars.html
>
> The security-conscious might like to note:
>
> "PGPASSWORD sets the password used if the backend demands password
> authentication. This is not recommended because the password can be read by
> others using the ps command with special options on some platforms."
>
> (At least on FreeBSD ps can be made to show the calling user's, but no
> other users' environment variables).
>
> Should this be included in the FAQ (it doesn't seem to be) I would include
> the recommendation that the permissions of any file where PGPASSWORD is set
> should be checked carefully.
>
> Ian Barwick
> barwick@gmx.net
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
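
The PGPASSWORDFILE matching rules quoted above (first match wins, * as wildcard, \ escaping) and the file-permission check Ian Barwick recommends, as an added example; this is not libpq's code and not part of the original thread. The function names and sample entries are made up for illustration, and a field consisting only of * is assumed to be the wildcard.

```python
import os
import stat

# Constructed sample file contents (not real credentials).
SAMPLE = r"""
*:*:*:backup:generic-pw
db1.example.com:5432:sales:backup:sales-pw
db2.example.com:5432:*:app:p\:w\\d
"""

def split_fields(line):
    """Split on unescaped ':'; a backslash makes the next character literal."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    return fields + ["".join(cur)]

def parse_entries(text):
    """Keep only lines with exactly the five documented fields."""
    rows = (split_fields(l.strip()) for l in text.splitlines() if l.strip())
    return [tuple(r) for r in rows if len(r) == 5]

def covers(pattern, wanted):
    """True if every pattern field is '*' or equals the wanted field."""
    return all(p == "*" or p == w for p, w in zip(pattern, wanted))

def lookup_password(entries, host, port, database, user):
    """Return the password of the first matching entry, or None."""
    for *pattern, password in entries:
        if covers(pattern, (host, str(port), database, user)):
            return password
    return None

def shadowed_entries(entries):
    """Index pairs (earlier, later) where the later entry can never be used."""
    return [(i, j) for j, later in enumerate(entries) for i in range(j)
            if covers(entries[i][:4], later[:4])]

def permissions_too_open(path):
    """True if group or others have any access to the password file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```

In the sample, the wildcard line listed first shadows the more specific sales entry, which is the ordering mistake the "put more specific entries first" advice guards against.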