From: Tom Lane <tgl@sss.pgh.pa.us>

The attached patches respond to discussion that was on pgsql-hackers
around the beginning of June (see thread "libpgtcl bug (and symptomatic
treatment)").  The changes are:

1. Remove code in connectDB that throws away the password after making
a connection.  This doesn't really add much security IMHO --- a bad guy
with access to your client's address space can likely extract the
password anyway, to say nothing of what he might do directly.  And
there's the serious shortcoming that it prevents PQreset() from working
if the database requires a password.

2. Fix coredump problem: fe_sendauth did not guard against being handed
a NULL password pointer.  (This is the proximate cause of the coredump-
during-PQreset problem that Magosanyi Arpad complained of last month.)

3. Remove highly questionable "error recovery" logic in libpgtcl's
pg_exec statement.

I believe the consensus of the discussion last month was in favor of
#1 and #3, but I'm just now getting around to making the change.
I realized that #2 was a bug in process of looking at the change.

src/interfaces/libpq/fe-auth.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.18 1998/07/03 04:24:11 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.19 1998/07/09 03:32:09 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -522,6 +522,12 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 
 		case AUTH_REQ_PASSWORD:
 		case AUTH_REQ_CRYPT:
+			if (password == NULL || *password == '\0')
+			{
+				(void) sprintf(PQerrormsg,
+				 "fe_sendauth: no password supplied\n");
+				return (STATUS_ERROR);
+			}
 			if (pg_password_sendauth(conn, password, areq) != STATUS_OK)
 			{
 				(void) sprintf(PQerrormsg,