"Daniel Verite" <daniel@xxxxxxxxxxxxxxxx> writes: > Desidero wrote: >> When attempting to use something like an anonymous pipe for a >> passfile, psql throws an error stating that it only accepts plain files > So the script doing that has access to the password(s) in clear text. > Can't it instead push the password into the PGPASSWORD > environment variable, avoiding creating .pgpass in any form? On many platforms, it's possible for other users to see the environment variables of a process. So PGPASSWORD is really quite insecure. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
