Re: PGPASSWORD

Поиск
Список
Период
Сортировка
От postgresbugs
Тема Re: PGPASSWORD
Дата
Msg-id 4220906E.3000307@grifent.com
обсуждение исходный текст
Ответ на PGPASSWORD  (postgresbugs <postgresbugs@grifent.com>)
Список pgsql-bugs
Дерево обсуждения 
Bruce Momjian wrote:
<blockquote cite="mid200502261421.j1QELdd27029@candle.pha.pa.us"
 type="cite">
  postgresbugs wrote:


    Oliver Jowett wrote:



      postgresbugs wrote:



        The functionality provided by PGPASSWORD should not be removed unless
there is a functionality other than .pgpass, which is fine for some
uses and not for others, that will provide similar functionality.
That could be psql and pg_dump and the like accepting a password on
the command line as I stated earlier.



Putting the password on the command line would be even more of a
security problem than PGPASSWORD is now. I agree that an alternative
to ,pgpass would be useful, but it needs to be a *secure* alternative.

-O


    That may be true. Again, I think the option to use or not use PGPASSWORD
or something similar should be up to the system administrator.



I have updated the docs to read "not recommended":

  authentication.  This environment variable is not recommended for security

                                                ^^^^^^^^^^^^^^^
n


Thanks.
John Griffiths

В списке pgsql-bugs по дате отправления: