| From: | Scott Ribe <scott_ribe(at)elevated-dev(dot)com> |
|---|---|
| To: | John Scalia <jayknowsunix(at)gmail(dot)com> |
| Cc: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Security with V9.3.3 standby servers |
| Date: | 2015-02-26 21:57:51 |
| Message-ID: | 2645DF43-00E0-4AEB-B02F-DD8AE703528A@elevated-dev.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Feb 26, 2015, at 9:15 AM, John Scalia <jayknowsunix(at)gmail(dot)com> wrote:
>
> An edict has been handed down here from on high that no script shall ever contain any password in cleartext for any reason. Well this is problem with a streaming replication standby server's recovery.conf file as the line primary_conninfo = contains said replication user's password for that connection. Is there any sort of plan to allow this to be md5 or some such encoded? Or what else could I do in this case?
I have replica standbys that are firewalled from the primary. The primary establishes a reverse SSH tunnel to the replica, then the replica is configured as for a local connection on-server at the primary, just using UNIX identity.
--
Scott Ribe
scott_ribe(at)elevated-dev(dot)com
http://www.elevated-dev.com/
(303) 722-0567 voice
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Scalia | 2015-02-27 02:40:16 | Re: Security with V9.3.3 standby servers |
| Previous Message | luis.sa | 2015-02-26 18:14:47 | Re: Security with V9.3.3 standby servers |