PostgreSQL Chinese Operation Guide

34.16. The Password File

The file .pgpass in a user’s home directory can contain passwords to be used if the connection requires a password (and no password has been specified otherwise). On Microsoft Windows the file is named %APPDATA%\postgresql\pgpass.conf (where %APPDATA% refers to the Application Data subdirectory in the user’s profile). Alternatively, the password file to use can be specified using the connection parameter passfile or the environment variable PGPASSFILE.

This file should contain lines of the following format:

hostname:port:database:username:password

(You can add a reminder comment to the file by copying the line above and preceding it with #.) Each of the first four fields can be a literal value, or *, which matches anything. The password field from the first line that matches the current connection parameters will be used. (Therefore, put more-specific entries first when you are using wildcards.) If an entry needs to contain : or \, escape this character with \. The host name field is matched to the host connection parameter if that is specified, otherwise to the hostaddr parameter if that is specified; if neither is given then the host name localhost is searched for. The host name localhost is also searched for when the connection is a Unix-domain socket connection and the host parameter matches libpq’s default socket directory path. In a standby server, a database field of replication matches streaming replication connections made to the primary server. The database field is of limited usefulness otherwise, because users have the same password for all databases in the same cluster.

On Unix systems, the permissions on a password file must disallow any access to world or group; achieve this by a command such as chmod 0600 ~/.pgpass. If the permissions are less strict than this, the file will be ignored. On Microsoft Windows, it is assumed that the file is stored in a directory that is secure, so no special permissions check is made.
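The following audit script is an added example, not code from PostgreSQL or libpq. It is a simplified model of the rules described above (escaping, first-match lookup, the group/world permission rule), and it also reports entries that an earlier wildcard line makes unreachable. All function names are hypothetical, and the host names and passwords in the sample are constructed.

```python
import os, stat

def split_fields(line):
    """Split a .pgpass line on unescaped ':'; a backslash makes the next char literal."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, "\\"))   # a trailing lone backslash is kept as-is
        elif ch == ":":
            fields.append("".join(cur)); cur = []
        else: cur.append(ch)
    return fields + ["".join(cur)]

def entries(text):
    """Yield (line_no, fields) for five-field lines; skip blanks and # comments."""
    for no, line in enumerate(text.splitlines(), 1):
        f = split_fields(line)
        if line.strip() and not line.startswith("#") and len(f) == 5:
            yield no, f

def covers(pattern, value):
    """A field matches if it is the wildcard * or the same literal value."""
    return pattern == "*" or pattern == value

def lookup(text, host, port, db, user):
    """Return (line_no, password) of the FIRST matching line, or None."""
    for no, f in entries(text):
        if all(covers(p, v) for p, v in zip(f, (host, str(port), db, user))):
            return no, f[4]
    return None

def shadowed(text):
    """Return (line_no, earlier_line_no) for entries an earlier line always pre-empts."""
    seen, out = [], []
    for no, f in entries(text):
        for prev_no, prev in seen:
            if all(covers(p, v) for p, v in zip(prev[:4], f[:4])):
                out.append((no, prev_no)); break
        seen.append((no, f))
    return out

def perms_ok(path):
    """True if no group/world permission bit is set (the chmod 0600 rule, Unix only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

# Constructed sample: line 3 is never used because the wildcard on line 2 matches first.
SAMPLE = r"""# hostname:port:database:username:password
*:5432:*:app:wildcard-pw
db1.example.internal:5432:sales:app:pa\:ss\\word
db1.example.internal:5432:*:report:report-pw
"""
```

A non-empty result from shadowed() means the file's ordering should be fixed by moving the more-specific entry above the wildcard line.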