From: | "Zlatko Matic" <zlatko(dot)matic1(at)sb(dot)t-com(dot)hr> |
---|---|
To: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com> |
Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Matthew T(dot) O'Connor" <matthew(at)zeut(dot)net>, <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: user privilages for executing pg_autovacuum? |
Date: | 2005-10-14 10:30:06 |
Message-ID: | 004301c5d0aa$3f8dea10$52bffea9@zlatkovyfkpgz6 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
No, I didn't try ident authentication...
It seems to me that security issues should be passd to client company's
system administrator ?
----- Original Message -----
From: "Jim C. Nasby" <jnasby(at)pervasive(dot)com>
To: "Zlatko Matic" <zlatko(dot)matic1(at)sb(dot)t-com(dot)hr>
Cc: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>; "Matthew T. O'Connor"
<matthew(at)zeut(dot)net>; <pgsql-general(at)postgresql(dot)org>
Sent: Thursday, October 13, 2005 9:35 PM
Subject: Re: [GENERAL] user privilages for executing pg_autovacuum?
> AFAIK you can't, and there's not really much point anyway. Anyone with
> taccess to that file will be able to connect to the database.
>
> Have you looked at using ident authentication on localhost?
>
> On Wed, Oct 12, 2005 at 10:12:31AM +0200, Zlatko Matic wrote:
>> If I put password in pgpass file it's still a plain text. How to hide it
>> ?
>>
>> ----- Original Message -----
>> From: "Jim C. Nasby" <jnasby(at)pervasive(dot)com>
>> To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
>> Cc: "Zlatko Mati?" <zlatko(dot)matic1(at)sb(dot)t-com(dot)hr>; "Matthew T. O'Connor"
>> <matthew(at)zeut(dot)net>; <pgsql-general(at)postgresql(dot)org>
>> Sent: Wednesday, October 12, 2005 1:14 AM
>> Subject: Re: [GENERAL] user privilages for executing pg_autovacuum?
>>
>>
>> >On Tue, Oct 11, 2005 at 02:39:24PM -0400, Tom Lane wrote:
>> >>=?iso-8859-2?Q?Zlatko_Mati=E6?= <zlatko(dot)matic1(at)sb(dot)t-com(dot)hr> writes:
>> >>> That's the reason why I ask. If a user that executes pg_autovacuum
>> >>> must
>> >>> be
>> >>> owner of tables or a superuser, that it is a security problem to pass
>> >>> password as plain text...
>> >>> How peple solve this problem ?
>> >>
>> >>Put the password in a ~/.pgpass file belonging to the user that runs
>> >>the
>> >>autovacuum task.
>> >
>> >Or you can run pg_autovacuum on the server itself and allow ident
>> >authentication for unix sockets (assuming you're on unix/linux).
>> >--
>> >Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
>> >Pervasive Software http://pervasive.com work: 512-231-6117
>> >vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
>> >
>> >---------------------------(end of broadcast)---------------------------
>> >TIP 3: Have you checked our extensive FAQ?
>> >
>> > http://www.postgresql.org/docs/faq
>>
>>
>> ---------------------------(end of broadcast)---------------------------
>> TIP 5: don't forget to increase your free space map settings
>>
>
> --
> Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
> Pervasive Software http://pervasive.com work: 512-231-6117
> vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
> choose an index scan if your joining column's datatypes do not
> match
From | Date | Subject | |
---|---|---|---|
Next Message | Josephine de Castro | 2005-10-14 11:07:24 | Using LISTEN/NOTIFY in C#.NET |
Previous Message | han.holl | 2005-10-14 10:24:31 | Postgres logs to syslog LOCAL0 |