Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Matthias Apitz <guru(at)unixarea(dot)de>
Cc: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256
Date: 2019-09-19 14:09:57
Message-ID: 22653.1568902197@sss.pgh.pa.us
Lists: pgsql-general

Matthias Apitz <guru(at)unixarea(dot)de> writes:
> Is there somehow an API in PG to use ciphered passwords and provide as a
> shared library the blob to decrypt it?

No. Consider a non-password auth mechanism, for instance SSL
certificates. You might find that an SSL certificate file
stored where libpq will find it is already about as secure as
what you're doing now. If you want to jump through extra
hoops for more security, I think you can use ssh-agent to
hold the keys.

regards, tom lane
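
Added example, not part of the message above: a shell check for the client side of the certificate setup it suggests. It assumes libpq's default file locations (`~/.postgresql/postgresql.crt` and `~/.postgresql/postgresql.key`) and a server whose pg_hba.conf uses the `cert` method; the function name `check_pg_client_cert` is hypothetical.

```shell
# Assumed server side (pg_hba.conf), shown for context only:
#   hostssl  all  all  0.0.0.0/0  cert
#
# check_pg_client_cert [DIR]
#   DIR defaults to ~/.postgresql, where libpq looks for the client
#   certificate and key when sslcert/sslkey are not given.
#   Prints one line per problem; returns 0 only if nothing was found.
check_pg_client_cert() {
    dir="${1:-$HOME/.postgresql}"
    crt="$dir/postgresql.crt"
    key="$dir/postgresql.key"
    rc=0

    # The certificate itself is public, it only has to exist.
    [ -f "$crt" ] || { echo "missing certificate: $crt"; rc=1; }

    if [ ! -f "$key" ]; then
        echo "missing private key: $key"
        rc=1
    else
        # GNU stat first, BSD stat as fallback.
        mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
        case "$mode" in
            # libpq refuses a key readable by group or others.
            600|400) ;;
            *) echo "private key mode $mode is too open, use chmod 600"; rc=1 ;;
        esac
    fi

    # A password left in the environment defeats the point of the switch.
    [ -z "${PGPASSWORD:-}" ] || { echo "PGPASSWORD is still set"; rc=1; }

    return $rc
}
```

Once the check passes, a connection such as `psql "host=db.example.org dbname=app sslmode=verify-full"` (constructed host and database names) authenticates with the key pair and needs no password.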
