| From: | Alexey Murz Korepov <murznn(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Deprecating plans for PGPASSWORD environment variable as insecure |
| Date: | 2021-12-27 08:55:27 |
| Message-ID: | CAL5pyKuxbDYS8QJtQcMeKR+30furJCeDwrd_Mi751yzTAnOBuQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
MySQL in version have deprecated the `MYSQL_PWD` environment variable,
because they considers this way as insecure, quote from
https://dev.mysql.com/doc/refman/8.0/en/environment-variables.html#idm45429554761920
:
> Use of MYSQL_PWD to specify a MySQL password must be considered
extremely insecure and should not be used. Some versions of ps include an
option to display the environment of running processes. On some systems, if
you set MYSQL_PWD, your password is exposed to any other user who runs ps.
Even on systems without such a version of ps, it is unwise to assume that
there are no other methods by which users can examine process environments.
So I want to ask - is there the same plan for PostgreSQL with it's
`PGPASSWORD` environment variable for future versions, or will it stay as
non-deprecated for future versions, and we can continue to use it without
worrying?
--
Best regards,
Alexey Murz Korepov.
E-mail: murznn(at)gmail(dot)com
Messengers: Matrix - https://matrix.to/#/@murz:ru-matrix.org Telegram -
@MurzNN
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2021-12-27 09:03:51 | Re: Deprecating plans for PGPASSWORD environment variable as insecure |
| Previous Message | Lucas | 2021-12-26 23:09:47 | Re: Wal files in /pgsql/14/main/pg_wal not removed |