Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: [GENERAL] specifying a password on the cmd line for db connect

0 views
Skip to first unread message

Greg Smith

unread,
Nov 16, 2009, 6:04:51 PM11/16/09
to
Gauthier, Dave wrote:

Hi:

 

Is there a way to require and specify a password at the cmd line for a connect?

You don't want to do that because any user on the system can see the command, and thus the password.  You want to use a .pgpass file instead:

http://www.postgresql.org/docs/8.4/interactive/libpq-pgpass.html

-- 
Greg Smith    2ndQuadrant   Baltimore, MD
PostgreSQL Training, Services and Support
gr...@2ndQuadrant.com  www.2ndQuadrant.com

Raymond O'Donnell

unread,
Nov 16, 2009, 6:05:58 PM11/16/09
to
On 16/11/2009 22:51, Gauthier, Dave wrote:
> Hi:
>
> Is there a way to require and specify a password at the cmd line for a connect? At first glance...
>
> --username foo --password fee
>
> would seem to be what I want. But it just prompts me for a password (after interpreting "fee" as the DB name).

Hi there,

There are no options such as these....what you do instead is use a
pgpass file:

http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html

Ray.

--
Raymond O'Donnell :: Galway :: Ireland
r...@iol.ie

--
Sent via pgsql-general mailing list (pgsql-...@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Raymond O'Donnell

unread,
Nov 16, 2009, 6:12:01 PM11/16/09
to
On 16/11/2009 23:05, Raymond O'Donnell wrote:
> On 16/11/2009 22:51, Gauthier, Dave wrote:
>> --username foo --password fee

[snip]

> There are no options such as these....what you do instead is use a

Actually, to correct myself, there *are* these options - but the
--password option just forces a password prompt - it doesn't actually
allow you to specify the password.

Have a look at psql --help for all the options.

Ashesh Vashi

unread,
Nov 17, 2009, 12:01:17 AM11/17/09
to
Hi Dave,

You can always use the environment variable PGPASSWORD to do that.
Though - it is not recommended to use for security reason. :(
Please follow the link for the details.
http://www.postgresql.org/docs/8.3/static/libpq-envars.html

--
Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA -
The Enterprise Postgres Company

"Make everything as simple as possible, but not simpler..." -- Albert Einstein
"We are what our thoughts have made us; so take care about what you think." -- Swami Vivekananda

Jasen Betts

unread,
Nov 26, 2009, 5:46:18 AM11/26/09
to
On 2009-11-16, Gauthier, Dave <dave.g...@intel.com> wrote:
> --_000_482E80323A35A54498B8B70FF2B87980042237CF64azsmsx504amrc_
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> Hi:
>
> Is there a way to require and specify a password at the cmd line for a conn=
> ect? At first glance...

PGPASSWORD=fee psql --username foo ...

><html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
> hemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-html40">

for winders

set PGPASSWORD=fee
psql --username foo ....

Jasen Betts

unread,
Nov 26, 2009, 5:48:17 AM11/26/09
to
On 2009-11-17, Ashesh Vashi <ashesh...@enterprisedb.com> wrote:
> --000e0cd211e054ab9404788a05cf
> Content-Type: text/plain; charset=ISO-8859-1

>
> Hi Dave,
>
> You can always use the environment variable PGPASSWORD to do that.
> Though - it is not recommended to use for security reason. :(

as long as it's not in the default environment it's better than a
command-line password.

Tom Lane

unread,
Nov 26, 2009, 10:27:07 AM11/26/09
to
Jasen Betts <ja...@xnet.co.nz> writes:
> On 2009-11-17, Ashesh Vashi <ashesh...@enterprisedb.com> wrote:
>> You can always use the environment variable PGPASSWORD to do that.
>> Though - it is not recommended to use for security reason. :(

> as long as it's not in the default environment it's better than a
> command-line password.

On some platforms it's possible to see all of a process's environment
variables using ps-like tools. That's why PGPASSWORD is deprecated.
If you're certain that your platform is not like this, then
"export PGPASSWORD=foo" is probably reasonably safe. On the whole,
though, a .pgpass file is probably safer as well as more convenient.

regards, tom lane

0 new messages