Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens
| От | Bruce Momjian |
|---|---|
| Тема | Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens |
| Дата | |
| Msg-id | 200111282013.fASKDtY02414@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
> Bruce Momjian <pgman@candle.pha.pa.us> writes: > > The idea of allowing the password to be stored in a file with 600 > > permissions seems quite standard. CVS does this. > > Seems it would be nice if psql could accept a switch along the lines of > --password-is-in-file filename > and go off to read the password from the named file (which we hope is > secured correctly). We can check security of the file if we wish. > Or take it a little further: what about defining a PGPASSWORDFILE > environment variable that libpq would consult, before or instead of > PGPASSWORD? That would give us the same feature for free across all > libpq-using apps, not only psql. Exposing a file name in the > environment is not a security risk, I hope. Yes, seems like a good idea. Seems we may need both. Either we allow multiple host/password combinations in the file or we need a psql flag, but then again, a psql flag doesn't cover the other interfaces. We could require they use one password file per host. Added to TODO: * Add PGPASSWORDFILE password file capability to libpq and psql flag -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
В списке pgsql-hackers по дате отправления: