From: | Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com> |
---|---|
To: | Alexey Murz Korepov <murznn(at)gmail(dot)com> |
Cc: | "pgadmin-support lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Deprecating plans for PGPASSWORD environment variable as insecure |
Date: | 2021-12-27 08:44:40 |
Message-ID: | CAFOhELcZo6nDY2MErntD+_VCkzGz7vveieqKgniZ7BVrHBUFQA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
Hi,
This group is for pgAdmin4 related queries, you can send the postgres
related queries to *pgsql-general(at)postgresql(dot)org
<pgsql-general(at)postgresql(dot)org>*
Thanks,
Khushboo
On Mon, Dec 27, 2021 at 2:07 PM Alexey Murz Korepov <murznn(at)gmail(dot)com>
wrote:
> MySQL in version have deprecated the `MYSQL_PWD` environment variable,
> because they considers this way as insecure, quote from
> https://dev.mysql.com/doc/refman/8.0/en/environment-variables.html#idm45429554761920
> :
>
> > Use of MYSQL_PWD to specify a MySQL password must be considered
> extremely insecure and should not be used. Some versions of ps include an
> option to display the environment of running processes. On some systems, if
> you set MYSQL_PWD, your password is exposed to any other user who runs ps.
> Even on systems without such a version of ps, it is unwise to assume that
> there are no other methods by which users can examine process environments.
>
> So I want to ask - is there the same plan for PostgreSQL with it's
> `PGPASSWORD` environment variable for future versions, or will it stay as
> non-deprecated for future versions, and we can continue to use it without
> worrying?
>
> --
> Best regards,
> Alexey Murz Korepov.
> E-mail: murznn(at)gmail(dot)com
> Messengers: Matrix - https://matrix.to/#/@murz:ru-matrix.org Telegram -
> @MurzNN
>
From | Date | Subject | |
---|---|---|---|
Next Message | Elvia Gomez | 2021-12-27 13:00:38 | Re: I cannot get PGAdmin to load the servers. |
Previous Message | Alexey Murz Korepov | 2021-12-27 08:37:23 | Deprecating plans for PGPASSWORD environment variable as insecure |