Re: pg_upgrade using appname to lock out other users

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_upgrade using appname to lock out other users
Date: 2011-06-18 13:34:58
Message-ID: 201106181334.p5IDYwY05750@momjian.us
Lists: pgsql-hackers

Bruce Momjian wrote:
> I meant the PGPASSWORD environment variable:
>
> <indexterm>
> <primary><envar>PGPASSWORD</envar></primary>
> </indexterm>
> <envar>PGPASSWORD</envar> behaves the same as the <xref
> linkend="libpq-connect-password"> connection parameter.
> Use of this environment variable
> is not recommended for security reasons, as some operating systems
> allow non-root users to see process environment variables via
> <application>ps</>; instead consider using the
> <filename>~/.pgpass</> file (see <xref linkend="libpq-pgpass">).
>
> The only other way to do this is to pass it on the command line, but
> some options don't allow that (pg_ctl), and PGPASSFILE is going to
> require me to create a dummy .pgpass password file in a valid format and
> use that.

One interesting idea would be to write the server password in the
PGPASSFILE format, and allow the server and libpq to read the same file
by pointing PGPASSFILE at that file.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
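
The message above weighs creating a password file in the pgpass format and pointing PGPASSFILE at it. The following C sketch of that step is an added example, not code from this message or from pg_upgrade; the function names, the wildcard host/port/database fields, and the sample path and password are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Backslash-escape ':' and '\' as the pgpass format requires; -1 if dst is too small. */
static int pgpass_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        if (*src == ':' || *src == '\\') {
            if (o + 1 >= dstlen) return -1;
            dst[o++] = '\\';
        }
        if (o + 1 >= dstlen) return -1;
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 0;
}

/* Create path (must not exist) with mode 0600, holding "*:*:*:user:password". */
static int write_pgpass(const char *path, const char *user, const char *password)
{
    char u[256], p[256], line[600];
    int fd, n;
    if (pgpass_escape(user, u, sizeof u) || pgpass_escape(password, p, sizeof p))
        return -1;
    /* Field order: hostname:port:database:username:password */
    n = snprintf(line, sizeof line, "*:*:*:%s:%s\n", u, p);
    if (n < 0 || (size_t)n >= sizeof line) return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600); /* O_EXCL: never reuse a planted file */
    if (fd < 0) return -1;
    if (fchmod(fd, 0600) != 0 || write(fd, line, (size_t)n) != n) {
        close(fd); unlink(path); return -1;
    }
    return close(fd);
}

int main(void)
{
    const char *path = "pgpass.example";  /* constructed path, relative to cwd */
    if (write_pgpass(path, "postgres", "s3cr:et\\pw") != 0) { perror("write_pgpass"); return 1; }
    setenv("PGPASSFILE", path, 1); /* libpq clients started after this read the file */
    printf("PGPASSFILE=%s\n", path);
    return 0;
}
```

On Unix, libpq ignores a password file that is readable by group or others, which is why the file is created at mode 0600 before the password is written.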
