From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
---|---|
To: | mbork(at)mbork(dot)pl |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: What are best practices wrt passwords? |
Date: | 2024-10-16 14:37:11 |
Message-ID: | 202410161437.sw2xkl37rcmz@alvherre.pgsql |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 2024-Oct-16, mbork(at)mbork(dot)pl wrote:
> I understand why giving the password on the command line or in an
> environment variable is a security risk (because of `ps`), but I do not
> understand why `psql` doesn't have an option like `--password-command`
> accepting a command which then prints the password on stdout. For
> example, I could then use `pass` (https://www.passwordstore.org/) with
> gpg-agent.
We had a patch to add PGPASSCOMMAND once:
https://www.postgresql.org/message-id/flat/CAE35ztOGZqgwae3mBA%3DL97pSg3kvin2xycQh%3Dir%3D5NiwCApiYQ%40mail.gmail.com
I don't remember the overall conclusions (other than the patch being
rejected), but maybe you can give that a read.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
From | Date | Subject | |
---|---|---|---|
Next Message | mbork | 2024-10-16 16:16:57 | Re: What are best practices wrt passwords? |
Previous Message | felix.quintgz | 2024-10-16 14:16:45 | Re: What are best practices wrt passwords? |