My software package will install PostGreSQL on the server, and clients will connect to it with a windows smart client application. What would be the best way to keep the PostGreSQL usernames and passwords secure?
I will be doing a silent install of the database, and obviously this will require a service username and password. Should I hardcode the service username and password? Or should I let the person installing the software enter their own username and password for the server?
Also, what should I do when it comes to the actual user for the database? How should I handle these details? This software will be installed on many different Pc’s by many different people.
Can I use OpenSSL to secure communications between the clients and the server?
Thanks