Bruce Momjian <pgman@candle.pha.pa.us> writes:
> The idea of allowing the password to be stored in a file with 600
> permissions seems quite standard. CVS does this.
Seems it would be nice if psql could accept a switch along the lines of--password-is-in-file filename
and go off to read the password from the named file (which we hope is
secured correctly).
Or take it a little further: what about defining a PGPASSWORDFILE
environment variable that libpq would consult, before or instead of
PGPASSWORD? That would give us the same feature for free across all
libpq-using apps, not only psql. Exposing a file name in the
environment is not a security risk, I hope.
regards, tom lane