| From: | Matthias Apitz <guru(at)unixarea(dot)de> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | PGPASSWORD in crypted form, for example BlowFish or SHA-256 |
| Date: | 2019-09-19 10:30:39 |
| Message-ID: | 20190919103039.GA2501@c720-r342378 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
Our software, a huge ILS, is running on Linux with DBS Sybase. To
connect to the Sybase server (over the network, even on localhost),
credentials must be known: a user (say 'sisis') and its password.
For Sybase we have them stored on the disk of the system in a file
syb.npw as:
$ cat /opt/lib/sisis/etc/syb/syb.npw
sisis:e53902b9923ab2fb
sa:64406def48efca8c
for the user 'sisis' and the administrator 'sa'. Our software has as
shared library a blob which knows how to decrypt the password hash above
shown as 'e53902b9923ab2fb' into clear text which is then used in the
ESQL/C or Java layer to connect to the Sybase server.
For PostgreSQL the password must be typed in (for pgsql) or can be
provided in an environment variable PGPASSWORD=blabla
Is there somehow an API in PG to use ciphered passwords and provide as a
shared library the blob to decrypt it? If not, we will use the mechanism same as
we use for Sybase. Or any other idea to not make detectable the
credentials? This was a request of our customers some years ago.
matthias
--
Matthias Apitz, ✉ guru(at)unixarea(dot)de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Mientras haya voluntad de lucha habrá esperanza de vencer.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marco Ippolito | 2019-09-19 11:02:38 | How to safely remove a corrupted cluster? |
| Previous Message | Steven Lembark | 2019-09-19 06:03:44 | Re: Backup PostgreSQL from RDS straight to S3 |