Re: user privilages for executing pg_autovacuum?
От | Zlatko Matic |
---|---|
Тема | Re: user privilages for executing pg_autovacuum? |
Дата | |
Msg-id | 004301c5d0aa$3f8dea10$52bffea9@zlatkovyfkpgz6 обсуждение исходный текст |
Ответ на | user privilages for executing pg_autovacuum? (Zlatko Matić <zlatko.matic1@sb.t-com.hr>) |
Список | pgsql-general |
No, I didn't try ident authentication... It seems to me that security issues should be passd to client company's system administrator ? ----- Original Message ----- From: "Jim C. Nasby" <jnasby@pervasive.com> To: "Zlatko Matic" <zlatko.matic1@sb.t-com.hr> Cc: "Tom Lane" <tgl@sss.pgh.pa.us>; "Matthew T. O'Connor" <matthew@zeut.net>; <pgsql-general@postgresql.org> Sent: Thursday, October 13, 2005 9:35 PM Subject: Re: [GENERAL] user privilages for executing pg_autovacuum? > AFAIK you can't, and there's not really much point anyway. Anyone with > taccess to that file will be able to connect to the database. > > Have you looked at using ident authentication on localhost? > > On Wed, Oct 12, 2005 at 10:12:31AM +0200, Zlatko Matic wrote: >> If I put password in pgpass file it's still a plain text. How to hide it >> ? >> >> ----- Original Message ----- >> From: "Jim C. Nasby" <jnasby@pervasive.com> >> To: "Tom Lane" <tgl@sss.pgh.pa.us> >> Cc: "Zlatko Mati?" <zlatko.matic1@sb.t-com.hr>; "Matthew T. O'Connor" >> <matthew@zeut.net>; <pgsql-general@postgresql.org> >> Sent: Wednesday, October 12, 2005 1:14 AM >> Subject: Re: [GENERAL] user privilages for executing pg_autovacuum? >> >> >> >On Tue, Oct 11, 2005 at 02:39:24PM -0400, Tom Lane wrote: >> >>=?iso-8859-2?Q?Zlatko_Mati=E6?= <zlatko.matic1@sb.t-com.hr> writes: >> >>> That's the reason why I ask. If a user that executes pg_autovacuum >> >>> must >> >>> be >> >>> owner of tables or a superuser, that it is a security problem to pass >> >>> password as plain text... >> >>> How peple solve this problem ? >> >> >> >>Put the password in a ~/.pgpass file belonging to the user that runs >> >>the >> >>autovacuum task. >> > >> >Or you can run pg_autovacuum on the server itself and allow ident >> >authentication for unix sockets (assuming you're on unix/linux). >> >-- >> >Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com >> >Pervasive Software http://pervasive.com work: 512-231-6117 >> >vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461 >> > >> >---------------------------(end of broadcast)--------------------------- >> >TIP 3: Have you checked our extensive FAQ? >> > >> > http://www.postgresql.org/docs/faq >> >> >> ---------------------------(end of broadcast)--------------------------- >> TIP 5: don't forget to increase your free space map settings >> > > -- > Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com > Pervasive Software http://pervasive.com work: 512-231-6117 > vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461 > > ---------------------------(end of broadcast)--------------------------- > TIP 9: In versions below 8.0, the planner will ignore your desire to > choose an index scan if your joining column's datatypes do not > match
В списке pgsql-general по дате отправления: