Tom Lane wrote:

> psql, pg_dump, etc. allow password specification from stdin and from
> .pgpass, never on the command line.  There is a reason why they are all
> designed like that.  pg_autovacuum hasn't been studied carefully enough
> I guess, because we should never have let a security hole like this get
> by us.

I agree. And while we're on the topic, my patch from last year to allow setting an alternative location for the pgpass file via the environment seems to be lingering in the pgpatches2 queue. I know some clients use the environment to pass the password directly (also very insecure) because they can't specify the passfile location.

cheers

andrew

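The thread contrasts two ways of handing a password to a client: on the command line, where any local user can read it out of the process's argument list, and via a password file that libpq only trusts when it is private. The script below is an added example and is not PostgreSQL's or pg_autovacuum's code. It models libpq's actual .pgpass rules in POSIX sh (one `hostname:port:database:username:password` entry per line, `*` matching any value in the first four fields, first match wins, file ignored unless its mode is 0600 or stricter), shows the argv leak with ps(1), and honours an environment override for the file location like the one Andrew's patch proposes. The variable name `PGPASSFILE`, the hostnames, users and passwords are assumptions constructed for the demo; backslash escapes inside fields, which real libpq accepts, are not handled.

```shell
#!/bin/sh
# Added example, not PostgreSQL code: a POSIX-sh model of how libpq consults
# a password file, to contrast with putting the password in argv.
# PGPASSFILE is an assumed name for the location override discussed above.

# Path of the password file: env override if set, else ~/.pgpass.
pgpass_file() {
    if [ -n "${PGPASSFILE:-}" ]; then
        printf '%s\n' "$PGPASSFILE"
    else
        printf '%s\n' "$HOME/.pgpass"
    fi
}

# Succeeds only if the file exists and has no group/other permission bits,
# i.e. the ls(1) mode string ends in "------" (libpq's 0600 rule).
pgpass_mode_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# $1 is the pattern from the file, $2 the value being looked up.
field_match() {
    [ "$1" = '*' ] || [ "$1" = "$2" ]
}

# pgpass_lookup HOST PORT DATABASE USER: prints the password, or fails.
# Simplification: libpq also honours backslash escapes for ':' and '\';
# this model does not, and it skips '#' comment lines for convenience.
pgpass_lookup() {
    f=$(pgpass_file)
    pgpass_mode_ok "$f" || { echo "refusing $f: missing or not mode 0600" >&2; return 1; }
    while IFS=: read -r h p d u pw || [ -n "$h" ]; do
        case $h in ''|'#'*) continue ;; esac
        if field_match "$h" "$1" && field_match "$p" "$2" \
           && field_match "$d" "$3" && field_match "$u" "$4"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done < "$f"
    return 1
}

# Writes a constructed sample password file (fake credentials) into a
# fresh temp directory, mode 0600, and prints its path.
make_demo_pgpass() {
    dir=$(mktemp -d) || return 1
    f="$dir/pgpass"
    : > "$f" && chmod 600 "$f" || return 1
    cat >> "$f" <<'EOF'
# constructed sample entries, not real credentials
db1.example.com:5432:app:deploy:s3cret-app
*:*:*:deploy:wildcard-pw
EOF
    printf '%s\n' "$f"
}

# Why argv is the wrong place for a secret: every local user can read it
# with ps(1). Skipped silently if ps is not installed.
show_argv_leak() {
    command -v ps >/dev/null 2>&1 || return 0
    sh -c 'sleep 2' sh --password=hunter2 &
    pid=$!
    echo "visible to every local user via ps:"
    ps -o args= -p "$pid" || true
    kill "$pid" 2>/dev/null || true
}

demo() {
    show_argv_leak
    PGPASSFILE=$(make_demo_pgpass) || return 1
    export PGPASSFILE
    echo "exact match:    $(pgpass_lookup db1.example.com 5432 app deploy)"
    echo "wildcard match: $(pgpass_lookup other.example.com 5432 anydb deploy)"
    chmod 644 "$PGPASSFILE"
    pgpass_lookup db1.example.com 5432 app deploy || echo "lookup refused after chmod 644"
    rm -rf "$(dirname "$PGPASSFILE")"
}

demo
```

The refusal on a 0644 file is the part worth noticing: libpq behaves the same way and simply proceeds without a password, so a deployment that "works" with the password in argv and "mysteriously" prompts after moving it to a file usually has a permissions problem, not a parsing one.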