| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Oliver Jowett <oliver(at)opencloud(dot)com> |
| Cc: | postgresbugs <postgresbugs(at)grifent(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: PGPASSWORD |
| Date: | 2005-02-25 21:09:13 |
| Message-ID: | 8230.1109365753@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Oliver Jowett <oliver(at)opencloud(dot)com> writes:
> If you're a shell script calling psql / pg_dump / etc, how do you do this?
That doesn't strike me as a compelling case for inventing "--password-fd".
Such a shell script is going to have a hard time passing a password
securely anyway (you weren't planning to "echo $PW" it somewhere, I trust).
And why should the shell script have its fingers on the password in the
first place? It has no "need to know", and more chances to leak the
password unintentionally than one likes to think about.
If you really don't want to solve the problem with .pgpass, I'd
recommend letting the invoked program collect the password for itself.
That's exactly why we do the collection on /dev/tty and not stdin.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | postgresbugs | 2005-02-25 21:22:10 | Re: PGPASSWORD |
| Previous Message | Oliver Jowett | 2005-02-25 20:44:26 | Re: PGPASSWORD |