Re: [GENERAL] Service configuration file and password security
| От | Adrian Klaver |
|---|---|
| Тема | Re: [GENERAL] Service configuration file and password security |
| Дата | |
| Msg-id | 28f0225f-efb6-e22f-d0bf-241a789c40e8@aklaver.com обсуждение исходный текст |
| Ответ на | [GENERAL] Service configuration file and password security (JP Jacoupy <jpjacoupy@protonmail.com>) |
| Список | pgsql-general |
On 02/16/2017 05:57 AM, JP Jacoupy wrote: > Hello, > > This might seem a pretty novice question but I can't find an answer. > > Can the password be stored in an encrypted way inside a service > configuration file? To be clear you are talking about this, correct?: https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html If so then no as I understand it. Assuming you have password authentication set up to md5, libpq takes care of doing the md5-hash before sending it to the server. You do have the following options: 1) https://www.postgresql.org/docs/9.6/static/libpq-pgpass.html 2) https://www.postgresql.org/docs/9.6/static/libpq-envars.html PGPASSWORD behaves the same as the password connection parameter. Use of this environment variable is not recommended for security reasons, as some operating systems allow non-root users to see process environment variables via ps; instead consider using the ~/.pgpass file (see Section 32.15). PGPASSFILE specifies the name of the password file to use for lookups. If not set, it defaults to ~/.pgpass (see Section 32.15). 2) And coming in version 10: http://paquier.xyz/postgresql-2/postgres-10-pgpassfile-connection/ > > -- > Jacoupy Jean-Philippe > > > Sent from ProtonMail <https://protonmail.ch>, encrypted email based in > Switzerland. > > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: