Re: Deprecating plans for PGPASSWORD environment variable as insecure

Hi,

This group is for pgAdmin4 related queries, you can send the postgres
related queries to *pgsql-general(at)postgresql(dot)org
<pgsql-general(at)postgresql(dot)org>*

Thanks,
Khushboo

On Mon, Dec 27, 2021 at 2:07 PM Alexey Murz Korepov <murznn(at)gmail(dot)com>
wrote:

> MySQL in version have deprecated the `MYSQL_PWD` environment variable,
> because they considers this way as insecure, quote from
> https://dev.mysql.com/doc/refman/8.0/en/environment-variables.html#idm45429554761920
> :
>
> > Use of MYSQL_PWD to specify a MySQL password must be considered
> extremely insecure and should not be used. Some versions of ps include an
> option to display the environment of running processes. On some systems, if
> you set MYSQL_PWD, your password is exposed to any other user who runs ps.
> Even on systems without such a version of ps, it is unwise to assume that
> there are no other methods by which users can examine process environments.
>
> So I want to ask - is there the same plan for PostgreSQL with it's
> `PGPASSWORD` environment variable for future versions, or will it stay as
> non-deprecated for future versions, and we can continue to use it without
> worrying?
>
> --
> Best regards,
> Alexey Murz Korepov.
> E-mail: murznn(at)gmail(dot)com
> Messengers: Matrix - https://matrix.to/#/@murz:ru-matrix.org Telegram -
> @MurzNN
>