Re: Specifying psql password on command line
| From | Tom Lane |
|---|---|
| Subject | Re: Specifying psql password on command line |
| Date | |
| Msg-id | 22664.991808175@sss.pgh.pa.us |
| In reply to | Specifying psql password on command line ("Tauren Mills" <tauren@servlets.net>) |
| List | pgsql-general |
"Tauren Mills" <tauren@servlets.net> writes:
>> Quite deliberately ... if passwords were provided on the command line,
>> then anyone else on your machine could read them off with 'ps'.
> I was actually wondering if that was the reason.  I know that with MySQL,
> the mysql program immediately changes the command line that is displayed
> with 'ps' so that you simply see 'xxxxxx' for the password.  However, there
> is an instant that ps could report the password.
More to the point, changing the command line seen by 'ps' is a highly
nonportable operation.  It doesn't work on all the platforms we support,
and we don't trust it for anything critical even on the platforms where
it seems to work.
> I would think that there would be some way to do this, however.  For
> instance, specify a file path that contains the password.  It seems like
> someone out there must be running the command line programs from an
> automated script.  How are you doing it?  Using something like 'expect'?
I think the common locution is
    echo password | psql ...
This of course is not real secure against ps spying either, but at least
the echo process only runs for a millisecond or two.  Possibly better:
cat a file containing the password into psql.
A far better solution is not to depend on password-based authorization
in the first place.  Consider ident-based auth, if the scripts will run
on trustworthy hosts.  Or if you are running the scripts on the same
host as the postmaster, you might be able to do something with
filesystem access restrictions for the postmaster's socket file.
            regards, tom lane
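
The difference between a password passed as an argument and one read from a file on stdin, as an added illustration that is not part of the original message. It assumes Linux, where `ps` reads `/proc/PID/cmdline`; the "client" is a stand-in `sh` process rather than psql, and the password and file names are constructed samples.

```shell
#!/bin/sh
# Added illustration: what any local user can read from the process table.
# Assumptions: Linux /proc; 'client' is a stand-in sh process, not psql;
# SAMPLE_PW is a constructed sample value.

SAMPLE_PW='s3cret-constructed'

# The stand-in client prints its own argv, i.e. what ps would show for it.
# The trailing ':' keeps sh from exec-ing tr and replacing its own argv.
SHOW_ARGV='tr "\0" " " < /proc/$$/cmdline; :'

# Case 1: password handed over as a command-line argument.
argv_with_password_arg() {
    sh -c "$SHOW_ARGV" client "$1"
}

# Case 2: password read from stdin, redirected from a file.
# '< file' starts no helper process whose argv could carry the value.
argv_with_password_stdin() {
    sh -c 'IFS= read -r pw; '"$SHOW_ARGV" client < "$1"
}

# Create the password file readable by its owner only (umask 077 -> 0600).
# printf is a builtin in bash and dash, so no process argv carries the value.
make_pwfile() {
    ( umask 077; printf '%s\n' "$2" > "$1" )
}

# Succeed only if the file grants nothing to group or others.
pwfile_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_pwfile "$dir/pw" "$SAMPLE_PW"
    pwfile_is_private "$dir/pw" && echo "password file is owner-only"
    echo "as argument: $(argv_with_password_arg "$SAMPLE_PW")"
    echo "from stdin:  $(argv_with_password_stdin "$dir/pw")"
    rm -rf "$dir"
}
demo
```

The first output line of the comparison contains the sample password; the second does not. The file variant is only as private as the file's permissions, which is what `pwfile_is_private` checks.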
		