Re: Bizarre behavior in libpq's searching of ~/.pgpass

I wrote
> I noticed that there's some strange coding in libpq's choice of
> what hostname to use for searching ~/.pgpass for a password.
> ...

> So my first thought was that we should go back to the pre-v10 behavior
> of considering only the host parameter, which it looks like would only
> require removing the "if" bit above.

> But on second thought, I'm not clear that the pre-v10 behavior is really
> all that sane either. What it means is that if you specify only hostaddr,
> the code will happily grab your localhost password and send it off to
> whatever server hostaddr references. This is unlikely to be helpful,
> and it could even be painted as a security breach --- the remote server
> could ask for your password in plaintext and then capture it.

> What seems like a saner definition is "use host if it's specified
> (nonempty), else use hostaddr if it's specified (nonempty), else
> fall back to localhost". That avoids sending a password somewhere
> it doesn't belong, and allows a useful ~/.pgpass lookup in cases
> where only hostaddr is given -- you just need to make an entry
> with the numeric IP address in the host column.

> I think it's not too late to make v11 work that way, but I wonder
> what we ought to do in v10. Comments?

Here's a proposed patch to adopt that behavior. I'm still of mixed
mind whether to push this into v10 ... but we definitely need some
change in v10, because it's not acting as per its docs.

regards, tom lane