From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | JP Jacoupy <jpjacoupy(at)protonmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Service configuration file and password security |
Date: | 2017-02-16 18:22:12 |
Message-ID: | 28f0225f-efb6-e22f-d0bf-241a789c40e8@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 02/16/2017 05:57 AM, JP Jacoupy wrote:
> Hello,
>
> This might seem a pretty novice question but I can't find an answer.
>
> Can the password be stored in an encrypted way inside a service
> configuration file?
To be clear you are talking about this, correct?:
https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html
If so then no as I understand it. Assuming you have password
authentication set up to md5, libpq takes care of doing the md5-hash
before sending it to the server. You do have the following options:
1) https://www.postgresql.org/docs/9.6/static/libpq-pgpass.html
2) https://www.postgresql.org/docs/9.6/static/libpq-envars.html
PGPASSWORD behaves the same as the password connection parameter. Use of
this environment variable is not recommended for security reasons, as
some operating systems allow non-root users to see process environment
variables via ps; instead consider using the ~/.pgpass file (see Section
32.15).
PGPASSFILE specifies the name of the password file to use for lookups.
If not set, it defaults to ~/.pgpass (see Section 32.15).
2) And coming in version 10:
http://paquier.xyz/postgresql-2/postgres-10-pgpassfile-connection/
>
> --
> Jacoupy Jean-Philippe
>
>
> Sent from ProtonMail <https://protonmail.ch>, encrypted email based in
> Switzerland.
>
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Francisco Olarte | 2017-02-16 18:28:32 | Re: Service configuration file and password security |
Previous Message | Adrian Klaver | 2017-02-16 17:54:21 | Re: Autovacuum stuck for hours, blocking queries |