11<!--
2- $Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.97 2002/09/21 18:32:53 petere Exp $
2+ $Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.98 2002/11/03 01:30:46 momjian Exp $
33-->
44
55 <chapter id="libpq">
@@ -2047,7 +2047,8 @@ sets the user name used to connect to the database and for authentication.
20472047<envar>PGPASSWORD</envar>
20482048sets the password used if the backend demands password
20492049authentication. This functionality is deprecated for security
2050- reasons; consider migrating to use the <filename>$HOME/.pgpass</>
2050+ reasons; consider migrating to use the <link linkend='pgpassfile'>
2051+ <filename>$HOME/.pgpass</></link>
20512052file.
20522053</para>
20532054</listitem>
@@ -2133,6 +2134,11 @@ for information on correct values for these environment variables.
21332134 <primary>files</primary>
21342135</indexterm>
21352136<para>
2137+ <anchor id="pgpassfile"/>
2138+ <indexterm>
2139+ <primary>password</primary>
2140+ <secondary>.pgpass</secondary>
2141+ </indexterm>
21362142<filename>$HOME/.pgpass</filename> is a file that can contain passwords
21372143to be used if the connection requires a password. This file should have the
21382144format:
@@ -2144,6 +2150,11 @@ anything. The first match will be used so put more specific entries first.
21442150Entries with <literal>:</literal> or <literal>\</literal> should be escaped
21452151with <literal>\</literal>.
21462152</para>
2153+ <para>
2154+ The permissions on <filename>$HOME/.pgpass</filename> must disallow any
2155+ access to world or group; achieve this by the command
2156+ <command>chmod 0600 $HOME/.pgaccess</command>.
2157+ If the permissions are less strict than this, the file will be ignored.
21472158</sect1>
21482159
21492160<sect1 id="libpq-threading">