postgresbugs wrote:
  

Oliver Jowett wrote:

    

postgresbugs wrote:

      

The functionality provided by PGPASSWORD should not be removed unless 
there is a functionality other than .pgpass, which is fine for some 
uses and not for others, that will provide similar functionality. 
That could be psql and pg_dump and the like accepting a password on 
the command line as I stated earlier. 
        

Putting the password on the command line would be even more of a 
security problem than PGPASSWORD is now. I agree that an alternative 
to ,pgpass would be useful, but it needs to be a *secure* alternative.

-O
      

That may be true. Again, I think the option to use or not use PGPASSWORD 
or something similar should be up to the system administrator.
    

I have updated the docs to read "not recommended":

  authentication.  This environment variable is not recommended for security

                                                ^^^^^^^^^^^^^^^
n