Re: Have an encrypted pgpass file

From: Jeremy Schneider <schnjere(at)amazon(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Marco van Eck <marco(dot)vaneck(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Have an encrypted pgpass file
Date: 2018-09-06 22:58:31
Message-ID: 29bdeaa4-27b6-7a6c-5b96-c82ba0f55ead@amazon.com
Lists: pgsql-hackers

On 7/23/18 08:07, Robert Haas wrote:
> This objection seems akin to
> saying "we're not going to let you drive because you might crash the
> car". There are *some* people who should not be allowed to get behind
> the wheel, but this proposal seems analogous to banning *everyone*
> from driving on the theory that car crashes are bad. I think that's
> an overreaction.

I would second this. There will always be lots of ways people can shoot
themselves in the foot. Our goal should be helping packagers make sure
the out-of-box setup is secure, and providing an extensible and flexible
product which can be customized to meet both mainstream and eclectic use
cases.

On 7/23/18 08:07, Robert Haas wrote:
> I think that the most common use case is likely to be to get the data
> from a local or remote keyserver.

This was also my thought. In fact, in the case of token-based
authentication schemes, today you'd have to have a cron job get a new
token every N minutes and rewrite the pgpass file. This patch enables
users to build far more elegant solutions under those schemes.

I gave the patch a spin on a Linux box, and it works as expected. If we
can address the Windows bit, then I'd support the idea of adding this
capability to libpq.

-Jeremy

--
Jeremy Schneider
Database Engineer
Amazon Web Services
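
The cron-driven workaround mentioned in the message above, as an added example (it is not part of the original email or of the proposed patch): a job that rewrites a pgpass file with a fresh token has to escape the token, keep the file at mode 0600 (libpq ignores a pgpass file that is group- or world-readable on Unix), and swap it in atomically so a client never reads a half-written file. The function names and the sample host, user and token are assumptions made for illustration.

```python
import os
import tempfile


def escape_field(value):
    """Escape the two characters pgpass treats specially: backslash and colon."""
    return str(value).replace("\\", "\\\\").replace(":", "\\:")


def pgpass_line(host, port, database, user, password):
    """Build one hostname:port:database:username:password entry."""
    fields = (host, port, database, user, password)
    return ":".join(escape_field(f) for f in fields)


def rewrite_pgpass(path, entries):
    """Atomically replace the pgpass file at `path` with `entries`.

    The new content goes to a temp file in the same directory (created
    0600 by mkstemp), is flushed to disk, then renamed over the old file.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".pgpass.")
    try:
        os.fchmod(fd, 0o600)  # explicit, in case the umask logic ever changes
        with os.fdopen(fd, "w") as f:
            for entry in entries:
                f.write(pgpass_line(*entry) + "\n")
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic on POSIX: readers see old or new, never partial
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)  # do not leave a stray file holding a credential
        raise


if __name__ == "__main__":
    # Constructed sample values; a real job would obtain the token from its
    # token service here (hypothetical step, not shown).
    demo_dir = tempfile.mkdtemp()
    demo_path = os.path.join(demo_dir, "pgpass")
    rewrite_pgpass(demo_path, [("db.example.internal", 5432, "app", "svc", "tok:en\\1")])
    print(open(demo_path).read(), end="")
```
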