Re: adding PGPASSWORDFILE to libpq
От | Tom Lane |
---|---|
Тема | Re: adding PGPASSWORDFILE to libpq |
Дата | |
Msg-id | 761.1028903516@sss.pgh.pa.us обсуждение исходный текст |
Ответ на | adding PGPASSWORDFILE to libpq (Alvaro Herrera <alvherre@atentus.com>) |
Список | pgsql-patches |
Alvaro Herrera <alvherre@atentus.com> writes: > - should there be some reasonable default non-empty value? If so, how > can I define it? In terms of $HOME? I don't think so. This is the sort of thing that I feel a user ought to have to define explicitly; too much risk of picking up an unintended file otherwise. > - should there be a new parameter in the connection string that allows > specifying the file that should be used? A new parameter to > PQsetdbLogin() (breaks old code, I think) ? Changing the call signature of PQsetdbLogin is completely out of the question. While we could add an option in connection strings, I'm not really sure I see the need. Seems like any practical use of this facility would involve setting PGPASSWORDFILE as an environment variable. If you're going to put something in the conninfo string you may as well just give the password and be done with it. Remember that the point of the feature is to be a safer substitute for PGPASSWORD environment variable. > - Should I try to use the passwd parameter as password file, and try to > use it as password if it fails to fopen()? Also extremely risky. I do not like "convenience features" that create security risks ... > - Should the password be dependent of the database name? Yes, but see below. > Currently the format for the file should be > host:port:database:user:password You should allow a wildcard (perhaps *) for each of those positions, but otherwise that seems reasonable. regards, tom lane
В списке pgsql-patches по дате отправления: