From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
---|---|
To: | Christophe Dore <c(dot)dore(at)castsoftware(dot)com> |
Cc: | rod(at)iol(dot)ie, pgsql-general(at)postgresql(dot)org |
Subject: | Re: prevent connection using pgpass.conf |
Date: | 2010-04-01 09:27:08 |
Message-ID: | 4BB466EC.8020008@lelarge.info |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Le 01/04/2010 11:21, Christophe Dore a écrit :
> Thanks for answering
>
> Yes, you are right. This is a client-side file. However, our concern is
> that we have to consider this practice as a security issue. We'd like to
> ban this practice for our product which is, thus, wrapping PostgresQL
> engine. Thus my questions
>
> - is there any configuration that can be done on server side to prevent
> the client side to use such file to read passwords ?
No.
> - is there any options that can be set in postgres libpq C library to
> prevent the connection functions to search for password in files ?
Well, you need to change the source code and recompile libpq. But if
your user is "smart" enough to install the "right" libpq, they will be
able to use the pgpass file.
--
Guillaume.
http://www.postgresqlfr.org
http://dalibo.com
From | Date | Subject | |
---|---|---|---|
Next Message | John R Pierce | 2010-04-01 09:31:52 | Re: prevent connection using pgpass.conf |
Previous Message | Christophe Dore | 2010-04-01 09:21:51 | Re: prevent connection using pgpass.conf |