Tom Lane wrote: > On many platforms, it's possible for other users to see the environment > variables of a process. So PGPASSWORD is really quite insecure. As said in https://www.postgresql.org/docs/current/static/libpq-envars.html "PGPASSWORD behaves the same as the password connection parameter. Use of this environment variable is not recommended for security reasons, as some operating systems allow non-root users to see process environment variables via ps; instead consider using a password file" I understand this in the context that PostgreSQL runs on many operating systems, including ancient ones. But in the case that the target platform is not afflicted by "the environment is public" problem, what's best between PGPASSWORD and .pgpass is a judgment call. Personally I'm unimpressed by the recommendation above seemingly favoring the latter, as if it hadn't its own problems. Best regards, -- Daniel Vérité PostgreSQL-powered mailer: http://www.manitou-mail.org Twitter: @DanielVerite -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
