Re: pgpass file type restrictions

From: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>
To: Desidero <desidero(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: pgpass file type restrictions
Date: 2017-10-19 13:44:18
Message-ID: 79480a76-2028-b348-1523-8b48f627fde4@2ndQuadrant.com
Lists: pgsql-general

On 10/19/2017 09:20 AM, Desidero wrote:
> I agree that it would be better for us to use something other than
> LDAP, but unfortunately it's difficult to convince the powers that be
> that we can/should use something else that they are not yet prepared
> to properly manage/audit. We are working towards it, but we're not
> there yet. It's not really an excuse, but until the industry password
> policies are modified to outright ban passwords, many businesses will
> probably be in this position.
>
> In any event, is the use case problematic enough that it would prevent
> the proposed changes from being implemented? I could submit a patch to
> postgres hackers if necessary, but if it's undesirable I can figure
> out something else.
>

Please don't top-post on the PostgreSQL lists.

You said you wanted to allow anonymous pipes, but I think what you
really want is a named pipe.

I don't see any reason in principle to disallow use of a named pipe as a
password file. It could be a bit of a footgun, though, since writing to
the fifo would block until it was opened by the client, so you'd need to
be very careful about that.

cheers

andrew

--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
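
The writer-side hazard described in the message above, as an added example (not part of the original message and not PostgreSQL code): a process feeding a FIFO opens it with `O_NONBLOCK` so it can time out instead of blocking when no client ever opens the file. The helper names, the FIFO name and the sample entry are assumptions made for illustration, and the code needs a POSIX system.

```python
import errno
import os
import tempfile
import threading
import time

def make_private_fifo(directory, name="pgpass.fifo"):
    path = os.path.join(directory, name)
    os.mkfifo(path, 0o600)  # owner-only; no group or world access
    return path

def feed_fifo_once(path, line, timeout=2.0, poll=0.05):
    """Hand one line to a reader; return False if none opens the FIFO in time.
    O_NONBLOCK makes os.open() fail with ENXIO instead of blocking forever."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            fd = os.open(path, os.O_WRONLY | os.O_NONBLOCK)
            break
        except OSError as exc:
            if exc.errno != errno.ENXIO:
                raise
            if time.monotonic() >= deadline:
                return False  # nobody opened the FIFO for reading
            time.sleep(poll)
    try:
        os.write(fd, line.encode() + b"\n")
    finally:
        os.close(fd)
    return True

def demo():
    # Constructed sample entry (host:port:database:user:password layout).
    entry = "db.example.internal:5432:appdb:appuser:constructed-secret"
    received = []
    def client():  # stands in for the process that reads the password file
        with open(fifo) as f:
            received.append(f.read())
    with tempfile.TemporaryDirectory() as tmp:
        fifo = make_private_fifo(tmp)
        no_reader = feed_fifo_once(fifo, entry, timeout=0.3)
        reader = threading.Thread(target=client)
        reader.start()
        with_reader = feed_fifo_once(fifo, entry)
        reader.join(2.0)
    return no_reader, with_reader, received

if __name__ == "__main__":
    print(demo())
```

The first call returns `False` after the timeout because nothing has the FIFO open for reading; the second succeeds once the reader thread is waiting in `open()`.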
