Re: BUG #16486: Prompted password is ignored when password specified in connection string
From | Alexander Lakhin |
---|---|
Subject | Re: BUG #16486: Prompted password is ignored when password specified in connection string |
Date | |
Msg-id | f33b151d-39f9-758a-0f68-795b36d7a73d@gmail.com |
In response to | Re: BUG #16486: Prompted password is ignored when password specified in connection string (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-bugs |

Hello Tom,

09.06.2020 04:59, Tom Lane wrote:
> The thing that was really missing here IMO is the specification that a
> conninfo string overrides other command-line parameters. It's somewhat
> debatable whether a -W prompt is a "command line parameter", but it
> acts that way for this purpose. In any case, I'm disinclined to document
> that specific interaction, because it would amount to blessing a pretty
> damfool practice, which is to make your password visible on the program's
> command line. (I wonder whether section 33.1.2 ought to specifically
> caution against putting passwords into command-line conninfo strings.)

I don't think that the main issue is with blessing such a practice,
because the documentation already says about PGPASSWORD:

  Use of this environment variable is not recommended for security
  reasons, as some operating systems allow non-root users to see process
  environment variables via ps; ...

So using the PGPASSWORD is not blessed either.

And I wonder, what if we had, say PGCONNURI environment variable? Should
the password specified inside be not overridable too?

By the way, similar behaviour could also be observed with PGSERVICE:

    echo -e "[mydb]\nhost=localhost\nuser=u1\npassword=p1\n" >/tmp/service.conf
    PGSERVICEFILE=/tmp/service.conf PGSERVICE="mydb" psql -W

In this case psql effectively ignores the input password too.
So the visibility of the password is not the main criterion to make it dominant.

Best regards,
Alexander
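
Added example, not part of the original message or of PostgreSQL: a small audit filter for the exposure Tom describes, where a password in a command-line conninfo string is visible to anyone who can list processes. The function name, the sample process lines and the PIDs are constructed for illustration.

```shell
#!/bin/sh
# Flag libpq client command lines that carry a password and print them
# with the secret redacted.
# Input:  "PID ARGS" lines on stdin, e.g. from: ps -eo pid=,args=
# Output: only the offending lines, password replaced by ***

flag_cmdline_passwords() {
    # Two shapes are recognised:
    #   keyword/value conninfo:  password=secret  or  password='se cret'
    #   connection URI:          postgresql://user:secret@host/db
    #                            (also ?password=secret in the URI query)
    grep -E "(^|[[:space:]\"'?&])password[[:space:]]*=|postgres(ql)?://[^:/@[:space:]]+:[^@/[:space:]]+@" |
    sed -E \
        -e "s/(password[[:space:]]*=[[:space:]]*)'[^']*'/\1***/g" \
        -e "s/(password[[:space:]]*=[[:space:]]*)[^[:space:]'\"&]+/\1***/g" \
        -e "s#(postgres(ql)?://[^:/@[:space:]]+:)[^@/[:space:]]+@#\1***@#g"
}

# Constructed sample of process-list lines (not real output).
sample_ps() {
    cat <<'EOF'
4101 psql -W host=localhost user=u1 password=p1 dbname=postgres
4102 psql -W postgresql://u1:p1@localhost/postgres
4103 psql -W -h localhost -U u1 postgres
4104 pg_dump service=mydb
EOF
}

# Demo on the sample; on a live host use:
#   ps -eo pid=,args= | flag_cmdline_passwords
sample_ps | flag_cmdline_passwords
```

A password supplied through PGSERVICE, as in the message above, never appears on the command line, so this check does not see it (sample line 4104); that case needs a review of the service file itself.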