| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Ow Mun Heng <ow(dot)mun(dot)heng(at)wdc(dot)com>, Tommy Gildseth <tommy(dot)gildseth(at)usit(dot)uio(dot)no>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Best way to "mask" password in DBLINK |
| Date: | 2009-08-12 13:48:53 |
| Message-ID: | 9892.1250084933@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>> If I'm not mistaken, it's possible to put your password in the .pgpass
>>> file in the postgres-users home folder, on the server where the postgres
>>> cluster is running.
> You need to put it in the .pgpass file of the postgres user - the one
> that runs the server. .pgpass is dealt with by libpq, and DBLink and
> DBI-Link both use libpq to connect to the remote server.
Didn't we recently add a security fix to prevent non-superusers from
relying on the server's .pgpass file?
I think 8.4 provides a reasonable solution to this via the SQL/MED
additions. In previous releases it's hard to find a nice place to
keep the password for a dblink connection.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Verite | 2009-08-12 14:14:31 | Re: comparing NEW and OLD (any good this way?) |
| Previous Message | Bruno Baguette | 2009-08-12 12:30:33 | Re: Adding ACL notion to existing tables |