| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Shane Ambler <pgsql(at)Sheeky(dot)Biz> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Michael Schmidt <michaelmschmidt(at)msn(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Password issue revisited |
| Date: | 2007-02-20 17:55:35 |
| Message-ID: | 45DB3617.9040107@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-general |
>>> The default on *all* windows versions since NT 4.0 (which is when the
>>> directory we use was added) will put this file in a protected directory.
>>> The only case when it's not protected by default is if you're usnig FAT
>>> filesystem, in which case there is nothing you can do about it anyway.
>>> On unix, the file will often be created in outside-readable mode by
>>> default, depending on how your OS is set up.
>
> I believe that .pgpass on *nix won't be used if it is readable by anyone
> except the current user.
No, root can always read it. On unix, there is one "root". On windows,
the concept of administrator is less clear.
> From the docs -
> The permissions on .pgpass must disallow any access to world or group;
> achieve this by the command chmod 0600 ~/.pgpass. If the permissions are
> less strict than this, the file will be ignored. (The file permissions
> are not currently checked on Microsoft Windows, however.)
>
> I would think that if they are using FAT filesystem (which is only
> partially supported for developers benefit) then they can't use pgpass.
If they are using FAT, the obviously don't care about the security of
the system anyway, so it's not a problem, IMHO. So we only have to care
about people who use NTFS.
>>> So to reach a situation where the file lives in an unprotected
>>> directory, you must actively open up the directory in question. Which is
>>> hidden from default view, so you really need to know what you're
>>> doing to
>>> get there.
>>>
>>> Not to mention it's a pain to define what permissions are ok and what
>>> are not. We're talking ACLs and not filemodes - so how do you decide
>>> which accounts are ok to have access, and which are not?
>
> I would say the same as the *nix version - if it is readable or writable
> by anyone except the current user it is potentially at risk, the current
> user connecting to pgsql is the only use for this file.
> Which I believe is the whole point of the TODO entry, stop anyone using
> the pgpass file without proper security.
Again, it's a lot harder to actually define it on Windows. What if your
user has access only through a group? What about DENY permissions.
Things like that.
> The other thing to consider is that pgpass is the file referenced by
> PGPASSFILE - the user can set this to point to a file anywhere on any
> drive available.
That's a very valid point though, didn't think about that.
Still doesn't take away the "how" part, though, but it does take away
part of the "why" part.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-02-20 18:15:44 | Re: [GENERAL] Password issue revisited |
| Previous Message | Shane Ambler | 2007-02-20 17:49:49 | Re: Password issue revisited |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-02-20 18:15:44 | Re: [GENERAL] Password issue revisited |
| Previous Message | Shane Ambler | 2007-02-20 17:49:49 | Re: Password issue revisited |