| From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
|---|---|
| To: | Tom Ekberg <tekberg(at)uw(dot)edu> |
| Cc: | PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: mysql_config_editor feature suggestion |
| Date: | 2017-03-21 22:28:10 |
| Message-ID: | CAECtzeXEQUu9gj0k4rq2n7BMXw85j-QhD2GUM-LWnT8JB4W2=w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
2017-03-21 23:03 GMT+01:00 Tom Ekberg <tekberg(at)uw(dot)edu>:
> I have been working with MySQL a bit (yes, I know, heresy) and encountered
> a program called mysql_config_editor. In my opinion it does a better job of
> local password management than using a ~/.pgpass file. Instead of assuming
> that a mode of 600 will keep people from peeking at your password, it
> encrypts the password, but keeps the other parameters like host, port and
> user available for viewing as plaintext. You can read more about it here:
>
> https://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html
>
> The host, user, password values are grouped into what are called login
> paths which are of the form:
>
> [some_login_path]
> host = localhost
> user = localuser
>
> Just like the config files you have no doubt seen before. The only way to
> set a password is to use the command:
>
> mysql_config_editor set --login-path=some_login_path --password
>
> which will prompt the user to enter the password for the specified login
> path. The password is never seen as plain text. There are other commands to
> set, remove, print and reset values for a login path. The print command
> that shows a password will display this instead:
>
> password = *****
>
> Adding a similar feature for PostgreSQL will also require a change to the
> psql program to specify and handle --login-path used for authentication.
> This may also be the case for some of the other pg_* utilities.
>
> I think adding a feature like mysql_config_editor to PostgreSQL is an easy
> way to set up multiple "personalities" for connecting to different
> PostgreSQL servers. The password protection will deter the curious user
> from gaining access to your data. It will not stop a determined hacker, but
> the idea is to make it more difficult.
>
>
I'm wondering how it works. It stores the password encrypted in the
.mylogin.cnf file? and then the other tools can use the encrypted password
in this file to connect to the serveur without having to type a password?
In such a case, if I have access to this file, what prevents me to copy it
to another computer and connect without your authorization and without your
password? (which is exactly what you're afraid of with the .pgpass file)
> Other than this mailing list, is there a way to make a feature request for
> PostgreSQL?
>
>
This one is pretty good for this.
--
Guillaume.
http://blog.guillaume.lelarge.info
http://www.dalibo.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Atkins | 2017-03-21 22:36:37 | Re: mysql_config_editor feature suggestion |
| Previous Message | Tom Ekberg | 2017-03-21 22:03:20 | mysql_config_editor feature suggestion |