Greg Smith <gsmith@xxxxxxxxxxxxx> writes:
> In your typical shell nowadays the echo command is a built-in one--it
> executes directly rather than calling a separate echo binary, so it won't
> leak what you tell it onto a command line. That means this line in a
> script would be the simplest way to do this that's not completely insecure:
>
> echo "create user foo password 'secret'" | psql ...

And if we haven't given you a headache yet:

There's a similar risk even after you've securely sent the command to the database server: it will be transiently exposed in pg_stat_activity, and perhaps permanently logged in the postmaster log. Now the audience that can see either of those things is hopefully smaller than "everyone on the machine", but still it's not very nice if you don't want anyone else to know the cleartext of your password.

The way to deal with this is to pre-encrypt the password before you send it over to the server. Both the createuser program and psql's \password command do it that way. Unfortunately it looks like they both insist on reading the password from /dev/tty, so if you want to script this, you'd be stuck with making a special-purpose program that didn't.

regards, tom lane
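
A sketch of the kind of special-purpose program the message above describes, as an added example that is not part of the original post and not PostgreSQL's own code: it reads the cleartext from stdin rather than /dev/tty and prints a CREATE USER statement carrying only the pre-encrypted value. It assumes the server accepts PostgreSQL's md5 password format ("md5" followed by the hex MD5 of the password concatenated with the user name); the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Print CREATE USER with a pre-encrypted password; cleartext comes from stdin."""
import hashlib
import sys


def pg_md5_password(user: str, password: str) -> str:
    # Assumed server format: "md5" + hex(md5(password || username)).
    digest = hashlib.md5((password + user).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    # SQL identifier quoting: wrap in double quotes, double any embedded ones.
    # Quoting also keeps the role name byte-for-byte equal to the name hashed above.
    if "\x00" in name:
        raise ValueError("NUL byte in role name")
    return '"' + name.replace('"', '""') + '"'


def build_create_user(user: str, password: str) -> str:
    if not password:
        raise ValueError("empty password")
    # The hash is "md5" plus hex digits, so it needs no escaping in the literal.
    return "CREATE USER %s PASSWORD '%s';" % (
        quote_ident(user), pg_md5_password(user, password))


def main(argv):
    if len(argv) != 2:
        sys.stderr.write("usage: %s ROLE < password-source\n" % argv[0])
        return 2
    # The role name is not secret and may sit on the command line; the
    # password is read from stdin so it never appears in a process listing.
    password = sys.stdin.readline().rstrip("\r\n")
    try:
        sys.stdout.write(build_create_user(argv[1], password) + "\n")
    except ValueError as exc:
        sys.stderr.write("error: %s\n" % exc)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The output is meant to be piped straight into psql, so pg_stat_activity and the postmaster log see only the md5 string and not the cleartext.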