On Mon, 2002-08-12 at 00:16, Bruce Momjian wrote:
> Larry Rosenman wrote:
> > On Sun, 2002-08-11 at 15:45, Tom Lane wrote:
> > > Alvaro Herrera <alvherre@atentus.com> writes:
> > > > I attach a patch that adds the PGPASSWORDFILE ability to libpq, and
> > > > removes the use of PGPASSWORD.
> > >
> > > Were we actually going to *remove* that, as opposed to deprecate it?
> > >
> > > There are systems (in fact many) where it's perfectly secure, so I'm
> > > not that thrilled about removing functionality ...
> > PLEASE DO NOT REMOVE IT WITHOUT AT LEAST ONE RELEASE CYCLE WARNING.
> >
> > You will ****BREAK**** People.
>
> OK, we will keep it for one release. Good point.
>
> Shame we couldn't do that will the 'reading password from /dev/tty'
> change we made in 7.2. I guess we could have had an environment
> variable control it, but that is kind of weird.
make sure the fact that PGPASSWORD is going away is ***PROMINENT*** in
the release notes and README and anywhere PGPASSWORD is documented. If
in fact, given TGL's objection, that it will go away in 7.4.
LER
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749