| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: prevent connection using pgpass.conf |
| Date: | 2010-04-01 09:31:52 |
| Message-ID: | 4BB46808.4060404@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Christophe Dore wrote:
> Thanks for answering
>
> Yes, you are right. This is a client-side file. However, our concern is
> that we have to consider this practice as a security issue. We'd like to
> ban this practice for our product which is, thus, wrapping PostgresQL
> engine. Thus my questions
>
> - is there any configuration that can be done on server side to prevent
> the client side to use such file to read passwords ?
> - is there any options that can be set in postgres libpq C library to
> prevent the connection functions to search for password in files ?
>
where do you want the client apps to get the passwords from? hard
coded? an application read .inf file?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alban Hertroys | 2010-04-01 09:33:44 | Re: Prevent users to drop triggers applied on table |
| Previous Message | Guillaume Lelarge | 2010-04-01 09:27:08 | Re: prevent connection using pgpass.conf |