From: | rob stone <floriparob(at)gmail(dot)com> |
---|---|
To: | Matthias Apitz <guru(at)unixarea(dot)de>, pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256 |
Date: | 2019-09-19 12:31:01 |
Message-ID: | afd6ab3f589bc44b79959623e58079e7b2223f51.camel@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hello,
On Thu, 2019-09-19 at 12:30 +0200, Matthias Apitz wrote:
> Hello,
>
> Our software, a huge ILS, is running on Linux with DBS Sybase. To
> connect to the Sybase server (over the network, even on localhost),
> credentials must be known: a user (say 'sisis') and its password.
>
> For Sybase we have them stored on the disk of the system in a file
> syb.npw as:
>
> $ cat /opt/lib/sisis/etc/syb/syb.npw
> sisis:e53902b9923ab2fb
> sa:64406def48efca8c
>
> for the user 'sisis' and the administrator 'sa'. Our software has as
> shared library a blob which knows how to decrypt the password hash
> above
> shown as 'e53902b9923ab2fb' into clear text which is then used in the
> ESQL/C or Java layer to connect to the Sybase server.
>
> For PostgreSQL the password must be typed in (for pgsql) or can be
> provided in an environment variable PGPASSWORD=blabla
>
> Is there somehow an API in PG to use ciphered passwords and provide
> as a
> shared library the blob to decrypt it? If not, we will use the
> mechanism same as
> we use for Sybase. Or any other idea to not make detectable the
> credentials? This was a request of our customers some years ago.
>
> matthias
>
>
https://www.postgresql.org/docs/11/auth-password.html
Chapters 20.5 and 20.6 may give you more information.
HTH,
Robert
From | Date | Subject | |
---|---|---|---|
Next Message | Steve Litt | 2019-09-19 12:48:42 | Re: PostgreSQL License |
Previous Message | Jason Ralph | 2019-09-19 12:04:21 | n_live_tup count increase after vacuum |