Index: fe-connect.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v
retrieving revision 1.354
diff -c -r1.354 fe-connect.c
*** fe-connect.c 9 Dec 2007 19:01:40 -0000 1.354
--- fe-connect.c 11 Dec 2007 02:46:22 -0000
***************
*** 599,604 ****
--- 599,618 ----
  {
  if (!connectOptions1(conn, dbName))
  return conn;
+
+ /*
+ * We disallow supplying a password through dbName, because a large
+ * number of applications allow dbName to be set from a command-line
+ * parameter, and putting a password on your command line is a horrid
+ * idea from a security point of view.
+ */
+ if (conn->pgpass_from_client)
+ {
+ conn->status = CONNECTION_BAD;
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("password must not be set within database name parameter\n"));
+ return conn;
+ }
  }
  else
  {
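Review bot: The new test on `conn->pgpass_from_client` is only correct if that flag is set exclusively for a password parsed out of the dbName conninfo string, and nothing in this hunk shows where it is set. If the conninfo parse behind `connectOptions1` also fills the password from defaults such as the PGPASSWORD environment variable, callers that never put a password in dbName would now get CONNECTION_BAD; that is worth confirming and stating in the comment, e.g. `* pgpass_from_client is set only when dbName itself carried a password.` The rejection is also a deterrent rather than a mitigation: by the time this runs the password has already been on the command line, though the fixed error message rightly does not echo it. The enclosing function starts and ends outside the hunk.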