Security flaw when password is used on commandline

I use jasperstarter to access a PostgreSQL database. AFAIS the only way to access the database is to give the password on the commandline with the -p option. This is not common in other tools and may lead to security breaches. The password can be seen by other processes on the same machine in "/proc/xxxx/cmdline" and it may be written to the bash history.

Other tools allow to have a separate file for the password store. After thinking about it (and after reading https://sourceforge.net/p/jasperstarter/discussion/general/thread/7145360df8/ ) my idea is that a wayx to read an jasperstudio connection.xml file would be the best solution. Reading the psql standard file "~/.pgpass" may also be an idea. Or one does an separate file and we need an option to use it.

What do you think?

PS: Hi, Volker! Did not see you for a long time. I was happy to see jasperstarter. It is a great work! Thanks for doing it.

Hi Thomas,

sorry for late answer. It seems that the notification email went into spam...

you can use
http://jasperstarter.cenote.de/usage.html#Command_files

Don't know why I did not mention it in the forum...

I did not take a look at that connection.xml till now. Is there any benefit compared too the command file. (the command file is a feature of the parser library used by JasperStarter https://argparse4j.github.io/usage.html#fromfileprefix).

Storing passwords in files has always a bad taste...

Database connections are unencrypted, so hiding the password of the configuration solves only half of the problem

Any help is always welcome

Best Regards
Volker