I'm giving a try at some TODO items. Currently it's the turn of the

PGPASSWORDFILE environment variable. I have modified libpq to make use of this variable. I present the first cut here. Currently the format for the file should be host:port:database:user:password Alvaro Herrera
2025-12-24 06:01:07 +03:00 · 2002-08-15 02:56:19 +00:00
parent 46aaa5dda3
commit 7f4981f4af
4 changed files with 148 additions and 28 deletions
--- a/doc/src/sgml/libpq++.sgml
+++ b/doc/src/sgml/libpq++.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/Attic/libpq++.sgml,v 1.41 2002/03/22 19:20:12 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/Attic/libpq++.sgml,v 1.42 2002/08/15 02:56:19 momjian Exp $
 -->

 <chapter id="libpqplusplus">
@@ -117,11 +117,14 @@ $Header: /cvsroot/pgsql/doc/src/sgml/Attic/libpq++.sgml,v 1.41 2002/03/22 19:20:
      </listitem>
      <listitem>
       <para>
-	<envar>PGPASSWORD</envar>
-	sets the password used if the backend demands password
-	authentication. This is not recommended because the password can
-	be read by others using the <command>ps</command> command with special options
-	on some platforms.
+        <envar>PGPASSWORD</envar>
+        sets the password used if the backend demands password
+        authentication.  This is deprecated; use <envar>PGPASSWORDFILE</envar> instead.
+      <listitem>
+       <para>
+	<envar>PGPASSWORDFILE</envar>
+	sets the password file used if the backend demands password
+	authentication. Refer to the libpq documentation for more details.
       </para>
      </listitem>
      <listitem>
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.90 2002/03/22 19:20:13 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.91 2002/08/15 02:56:19 momjian Exp $
 -->

 <chapter id="libpq">
@@ -2038,9 +2038,25 @@ sets the user name used to connect to the database and for authentication.
 </indexterm>
 <envar>PGPASSWORD</envar>
 sets the password used if the backend demands password
-authentication. This is not recommended because the password can
-be read by others using the <command>ps</command> command with special options
-on some platforms.
+authentication.  This functionality is deprecated for security
+reasons; consider migrating to <envar>PGPASSWORDFILE</envar>.
+</para>
+</listitem>
+<listitem>
+<para>
+<indexterm>
+ <primary><envar>PGPASSWORDFILE</envar></primary>
+</indexterm>
+<envar>PGPASSWORDFILE</envar>
+sets the password file used if the backend demands password authentication.
+This file should have the format
+<screen>
+<replaceable>hostname</replaceable>:<replaceable>port</replaceable>:<replaceable>database</replaceable>:<replaceable>username</replaceable>:<replaceable>password</replaceable>
+</screen>
+Any of these may be a literal name, or a <literal>*</literal> that matches
+anything.  The first match will be the one used, so put more specific entries first.
+Entries with <literal>:</literal> or <literal>\</literal> should be escaped
+with <literal>\</literal>.
 </para>
 </listitem>
 <listitem>