Re: How to fork pg_dump or psql w/o leaking secrets?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
Cc: Dominique Devienne <ddevienne(at)gmail(dot)com>, Luca Ferrari <fluca1978(at)gmail(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: How to fork pg_dump or psql w/o leaking secrets?
Date: 2023-09-22 18:56:11
Message-ID: 1065798.1695408971@sss.pgh.pa.us
Lists: pgsql-general

"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> Once you have the password you should utilize the PGPASSWORD environment
> variable to get it passed to psql. It doesn’t matter in the least how you
> obtained that password in the first place.

Keep in mind that on many flavors of Unix, a process's environment
variables can readily be inspected by other processes. You should
check your platform carefully before assuming that PGPASSWORD is
a safe way to pass down a secret.

regards, tom lane
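
The platform check suggested in the message above, made concrete for Linux as an added example (not part of the original message or of PostgreSQL): it reports which permission classes may read a process's `environ` file, whether a variable name such as PGPASSWORD appears there, and whether `/proc` is mounted with `hidepid`. It assumes a Linux-style procfs; the function names are hypothetical and only variable names are read, never values.

```python
import os
import stat

def readers_from_mode(mode):
    """Permission classes allowed to read a file with this st_mode."""
    bits = (("owner", stat.S_IRUSR), ("group", stat.S_IRGRP), ("other", stat.S_IROTH))
    return [name for name, bit in bits if mode & bit]

def hidepid_setting(mounts_text):
    """hidepid value on the proc mount in /proc/mounts-style text, else None."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
    return None

def audit_environ(pid="self", proc_root="/proc", var="PGPASSWORD"):
    """Report who can read a process's environment and whether var is in it."""
    path = os.path.join(proc_root, str(pid), "environ")
    report = {"path": path, "readers": readers_from_mode(os.stat(path).st_mode)}
    try:
        with open(path, "rb") as fh:
            # Keep only the names; the values are the secret being protected.
            names = [e.split(b"=", 1)[0].decode(errors="replace")
                     for e in fh.read().split(b"\0") if e]
        report["var_visible"] = var in names
    except PermissionError:
        report["var_visible"] = None  # this caller is not allowed to look
    try:
        with open(os.path.join(proc_root, "mounts")) as fh:
            report["hidepid"] = hidepid_setting(fh.read())
    except OSError:
        report["hidepid"] = None
    return report

if __name__ == "__main__":
    if os.path.exists("/proc/self/environ"):
        print(audit_environ())
    else:
        print("no Linux-style /proc here; check the platform's ps/procfs documentation")
```

A `readers` value of `['owner']` still means that other processes running under the same account, and root, can typically read the variable for as long as the child runs.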
