| From: | Vick Khera <vivek(at)khera(dot)org> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: encrypt psql password in unix script |
| Date: | 2015-07-08 19:06:51 |
| Message-ID: | CALd+dceKO-25YxFnjK9SEurKvoFsCWMKWL9F-rkzK09db23fjQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-sql |
On Wed, Jul 8, 2015 at 2:46 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> but what security does that gain you? if someone gets your
> encrypted/hashed password, he can still log on. the pgpass file has to be
> permissions 700, so only YOU (and root) can read it.
>
Exactly this. If you want a script to authenticate to postgres (or anything
else) then somewhere you need something to be in the clear, whether it be
the key to decrypt the password or a private key. If you can't trust the
local file system and users, then you can't do what you want.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Xavier Stevens | 2015-07-08 19:08:18 | Re: [SQL] encrypt psql password in unix script |
| Previous Message | Steve Midgley | 2015-07-08 19:01:02 | Re: encrypt psql password in unix script |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Xavier Stevens | 2015-07-08 19:08:18 | Re: [SQL] encrypt psql password in unix script |
| Previous Message | Steve Midgley | 2015-07-08 19:01:02 | Re: encrypt psql password in unix script |