Re: initdb initial password

"Magnus Hagander" <mha@sollentuna.net> writes:

>>> I would like to add capability to initdb to accept the 
>>password for the
>>> superuser account at invocation. Right now, I can use 
>>--pwprompt or -W
>>> to have it ask for a password. But for the win32 GUI 
>>installed I'd like
>>> to ask for the password in the installer, and pass it to initdb.
>>> Considering how it's done in different places, what's the 
>>preferred way
>>> to do this? Commandline parameter? Environment variable? Other (what
>>> would that be?)
>>
>>There's a reason why it's done that way, which is that the others are
>>all insecure.  At least on some Unixen.
>
> Other binaries accept the password as an environment variable. Are you
> saying that it's secure to pass it as environment variable to
> psql/pgdump/etc but not to initdb? If so, care to enlighten me as to why
> this is different (I'm clearly not seeing why..)?

The environment variable is there for backward compatibility, but it's
deprecated.  There's no reason to enable that functionality in new
code.

-Doug