Re: prevent connection using pgpass.conf

From: Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To: Christophe Dore <c(dot)dore(at)castsoftware(dot)com>
Cc: rod(at)iol(dot)ie, pgsql-general(at)postgresql(dot)org
Subject: Re: prevent connection using pgpass.conf
Date: 2010-04-01 09:27:08
Message-ID: 4BB466EC.8020008@lelarge.info
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Le 01/04/2010 11:21, Christophe Dore a écrit :
> Thanks for answering
>
> Yes, you are right. This is a client-side file. However, our concern is
> that we have to consider this practice as a security issue. We'd like to
> ban this practice for our product which is, thus, wrapping PostgresQL
> engine. Thus my questions
>
> - is there any configuration that can be done on server side to prevent
> the client side to use such file to read passwords ?

No.

> - is there any options that can be set in postgres libpq C library to
> prevent the connection functions to search for password in files ?

Well, you need to change the source code and recompile libpq. But if
your user is "smart" enough to install the "right" libpq, they will be
able to use the pgpass file.

--
Guillaume.
http://www.postgresqlfr.org
http://dalibo.com

In response to

Browse pgsql-general by date

  From Date Subject
Next Message John R Pierce 2010-04-01 09:31:52 Re: prevent connection using pgpass.conf
Previous Message Christophe Dore 2010-04-01 09:21:51 Re: prevent connection using pgpass.conf