Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256

From: rob stone <floriparob(at)gmail(dot)com>
To: Matthias Apitz <guru(at)unixarea(dot)de>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256
Date: 2019-09-20 01:45:11
Message-ID: 61030190ab24e39df8ebfd895b60ef4f90174fc2.camel@gmail.com
Lists: pgsql-general

On Thu, 2019-09-19 at 15:23 +0200, Matthias Apitz wrote:
> On Thursday, September 19, 2019 at 10:31:01PM +1000, rob stone wrote:
>
> >
> > https://www.postgresql.org/docs/11/auth-password.html
> >
> > Chapters 20.5 and 20.6 may give you more information.
>
> The form of the password hash stored in the PG server or interchanged
> over the network is not my question. The question is more: When the
> Linux server starts and with this the (ESQL/C written) application
> servers are starting, they need the password to connect and this is
> not provided at this moment from some keyboard or human being. It must
> be stored on the server and available in clear for the server, but not
> for other eyes on the server, i.e. the place of the storage must be
> ciphered.
>
> matthias
>

Sorry. More caffeine needed.

If you use pg_service.conf you could write a little program to encrypt
the password and store it in this file in its encrypted form.
Then your application obtains the connection credentials from
pg_service.conf, de-encrypts the password and is then able to form the
connection string to access the required database.

HTH,
Robert
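
One way the approach described in this message could look, as an added example that is not part of the original thread: Node.js code (built-in crypto module only) that encrypts the password with AES-256-GCM for storage in the service file and, on the application side, reads the service section, decrypts the password and forms the connection string. The function names, the base64 layout and the separate key file are assumptions; the application has to parse the file itself, because libpq would use the stored `password` value as-is.

```javascript
const nodeCrypto = require("crypto");

// seal: AES-256-GCM; returns base64(nonce || tag || ciphertext), the value stored in the file.
// key is 32 bytes and is assumed to come from a separate, owner-only key file.
function seal(key, password) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([c.update(password, "utf8"), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]).toString("base64");
}

// unseal: reverses seal; throws on a wrong key or a modified value.
function unseal(key, token) {
  const raw = Buffer.from(token, "base64");
  if (raw.length < 28) throw new Error("malformed encrypted password");
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
}

// connInfo: read one [service] section of pg_service.conf text, decrypt its password,
// and return a libpq keyword/value connection string.
function connInfo(key, fileText, service) {
  const quote = (v) => "'" + v.replace(/[\\']/g, "\\$&") + "'";
  const out = [];
  let inSection = false;
  for (const rawLine of fileText.split("\n")) {
    const line = rawLine.trim();
    const eq = line.indexOf("="); // first '=' only: base64 padding also uses '='
    if (line.startsWith("[")) inSection = line === `[${service}]`;
    else if (inSection && eq > 0 && !line.startsWith("#")) {
      const k = line.slice(0, eq).trim();
      const v = line.slice(eq + 1).trim();
      out.push(`${k}=${quote(k === "password" ? unseal(key, v) : v)}`);
    }
  }
  return out.join(" ");
}

// Constructed sample: a throwaway key and a service file with two sections.
function demo() {
  const key = nodeCrypto.randomBytes(32);
  const file = `[other]\nhost=db2\n[appdb]\nhost=db1\ndbname=app\nuser=svc\npassword=${seal(key, "s3 cr'et")}\n`;
  return { key, file, conninfo: connInfo(key, file, "appdb") };
}
```

The key has to be readable by the application at boot, so the key file needs the same owner-only protection a plaintext password file would.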
