Re: Roles with empty password (probably bug in libpq and in psql as well).

2012/7/24 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>

> Dmitriy Igrishin <dmitigr(at)gmail(dot)com> writes:
> > But it's impossible to pass empty (NULL) password to the backend
>
> Please note that empty and null are not the same thing...
>
Yes, I know. But why the ALTER ROLE treats '' as NULL and
as the result all of values of pg_catalog.pg_authid.rolpassword are always
NULL even when the password in ALTER ROLE was specified as ''? :-)
That is the reason why I've considered empty and NULL as the same
thing :-)

>
> > by using libpq, because connectOptions2() defined the
> > fe-connect.c reads a password from the ~/.pgpass even when a password
> > specified as an empty string literal ("").
>
> I rather doubt that we'll change this, because it seems more likely
> to break applications that rely on that behavior than to do anything
> useful. Surely nobody in their right mind uses an empty password.
>
> (If anything, I'd be more inclined to make the backend treat an empty
> password as an error than to try to make libpq safe for the case.
> Even if we did change libpq, there are probably issues with empty
> passwords in jdbc and who knows how many other places.)
>
Then it should be at least documented in the libpq's documentation that
explicitly specified empty password will force libpq to get it from the
file?

>
> regards, tom lane
>

--
// Dmitriy.