2 files changed, 8 insertions, 13 deletions

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 022c5cb386..de4cde24e5 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.18 1998/07/03 04:24:11 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.19 1998/07/09 03:32:09 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -522,6 +522,12 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 
 		case AUTH_REQ_PASSWORD:
 		case AUTH_REQ_CRYPT:
+			if (password == NULL || *password == '\0')
+			{
+				(void) sprintf(PQerrormsg,
+				 "fe_sendauth: no password supplied\n");
+				return (STATUS_ERROR);
+			}
 			if (pg_password_sendauth(conn, password, areq) != STATUS_OK)
 			{
 				(void) sprintf(PQerrormsg,
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 47aa2b9bca..7d16176306 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.73 1998/07/09 03:29:07 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.74 1998/07/09 03:32:10 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -768,17 +768,6 @@ connectDB(PGconn *conn)
 
 	PQsetenv(conn);
 
-	/* Free the password so it's not hanging out in memory forever */
-	/* XXX Is this *really* a good idea?  The security gain is marginal
-	 * if not totally illusory, and it breaks PQreset() for databases
-	 * that use passwords.
-	 */
-	if (conn->pgpass != NULL)
-	{
-		free(conn->pgpass);
-		conn->pgpass = NULL;
-	}
-
 	return CONNECTION_OK;
 
 connect_errReturn: