Re: pgpass file type restrictions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Daniel Verite" <daniel(at)manitou-mail(dot)org>
Cc: "Desidero" <desidero(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: pgpass file type restrictions
Date: 2017-10-19 14:20:04
Message-ID: 30756.1508422804@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"Daniel Verite" <daniel(at)manitou-mail(dot)org> writes:
> Desidero wrote:
>> When attempting to use something like an anonymous pipe for a
>> passfile, psql throws an error stating that it only accepts plain files

> So the script doing that has access to the password(s) in clear text.
> Can't it instead push the password into the PGPASSWORD
> environment variable, avoiding creating .pgpass in any form?

On many platforms, it's possible for other users to see the environment
variables of a process. So PGPASSWORD is really quite insecure.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message américo bravo astroña 2017-10-19 14:28:22 Re: Problems with the time in data type timestamp without time zone
Previous Message Daniel Verite 2017-10-19 13:56:59 Re: pgpass file type restrictions