| From: | "Zeugswetter Andreas SB SD" <ZeugswetterA(at)spardat(dot)at> |
|---|---|
| To: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | "Antonio Fiol Bonnin" <fiol(at)w3ping(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Doug McNaught" <doug(at)wireboard(dot)com>, "Lincoln Yeoh" <lyeoh(at)pop(dot)jaring(dot)my>, "Hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opensup |
| Date: | 2001-11-30 11:06:32 |
| Message-ID: | 46C15C39FEB2C44BA555E356FBCD6FA41EB446@m0114.s-mxs.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Of course, given that most OS's don't have the 'ps' environment
problem,
> maybe we have to keep PGPASSWORD around. It is up to the group. Do
> people want me to change my wording of the option in the SGML sources?
>
> <envar>PGPASSWORD</envar>
> sets the password used if the backend demands password
> authentication. This is not recommended because the password can
> be read by others using a <command>ps</command> environment flag
> on some platforms.
I think the wording is good. I would keep supporting the envar.
What exactly speaks against a commandline switch, that gets hidden
with the postmaster argv trick, and a similar notice as for PGPASSWORD.
For me, this would be the most convenient form of supplying a password
(if I used db side passwords :-).
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Lockhart | 2001-11-30 13:51:55 | Re: History question |
| Previous Message | Karel Zak | 2001-11-30 10:53:38 | Re: History question |