Allow password file name to be specified as a libpq connection parameter.

Formerly an alternate password file could only be selected via the environment variable PGPASSFILE; now it can also be selected via a new connection parameter "passfile", corresponding to the conventions for most other connection parameters. There was some concern about this creating a security weakness, but it was agreed that that argument was pretty thin, and there are clear use-cases for handling password files this way. Julian Markwort, reviewed by Fabien Coelho, some adjustments by me Discussion: https://postgr.es/m/a4b4f4f1-7b58-a0e8-5268-5f7db8e8ccaa@uni-muenster.de
2025-07-12 21:01:52 +03:00 · 2017-01-24 17:06:21 -05:00
parent d1ecd53947
commit ba005f193d
4 changed files with 81 additions and 62 deletions
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@ -686,11 +686,12 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
 		case AUTH_REQ_MD5:
 		case AUTH_REQ_PASSWORD:
 			{
-				char   *password = conn->connhost[conn->whichhost].password;
+				char	   *password;

+				conn->password_needed = true;
+				password = conn->connhost[conn->whichhost].password;
 				if (password == NULL)
 					password = conn->pgpass;
-				conn->password_needed = true;
 				if (password == NULL || password[0] == '\0')
 				{
 					printfPQExpBuffer(&conn->errorMessage,