On Sun, 2002-01-13 at 01:20, Maarten.Boekhold@reuters.com wrote:
> On 01/12/2002 06:03:44 PM Karl DeBisschop wrote:
> > On Sat, 2002-01-12 at 03:32, David Terrell wrote:
> > > On Thu, Jan 10, 2002 at 09:07:50AM +0100, Alexander Pucher wrote:
> > > > I need to run a shell script that logs in to Postgresql, executes a
> > > > query and logs off again.
>
> > > > My problem is that I can't find a way to put the password in an
> 'psql'
> > > > statement at the prompt.
>
> > If you absolutely need to do something like this, look into expect.
>
> Woul be useful if there's an example expect script for this somewhere in
> the distribution or documentation. Lots of people don't know expect, and
> don't want to learn it. They just want to automate database tasks.
Before you forga ahead with expect, perhaps you als want to read the
docs for pg_hba.conf.
As I said, expect can be secure if uoy are careful (make sure noone else
can read the scipt). But it's not alot of fun to maintain.
There are other options. If you want to avoid admiin hassles, I'd
suggest looking into ident on a close set of machines. If the machine in
question is not close by, then try ssh to make them seem closer.
Basically, you can trust identd if and only if you know that its your
identd. But with identd, you can have a large number of scripts that
continue to work after you change the password. (Note that you cannot
use identd on the ub=nix socket).
We are presently revamping our own security. If I had a good example of
a system in a final state, I'd post it. I don't know, but maybe someone
else can. Or maybe in a few weeks I'll post ours, if I can assure myself
that disclosure won't reduce scurity (iff well designed, that should be
the case, I think).
Karl