Re: Have an encrypted pgpass file
| От | Jeremy Schneider |
|---|---|
| Тема | Re: Have an encrypted pgpass file |
| Дата | |
| Msg-id | 29bdeaa4-27b6-7a6c-5b96-c82ba0f55ead@amazon.com обсуждение исходный текст |
| Ответ на | Re: Have an encrypted pgpass file (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
On 7/23/18 08:07, Robert Haas wrote: > This objection seems akin to > saying "we're not going to let you drive because you might crash the > car". There are *some* people who should not be allowed to get behind > the wheel, but this proposal seems analogous to banning *everyone* > from driving on the theory that car crashes are bad. I think that's > an overreaction. I would second this. There will always be lots of ways people can shoot themselves in the foot. Our goal should be helping packagers make sure the out-of-box setup is secure, and providing an extensible and flexible product which can be customized to meet both mainstream and eclectic use cases. On 7/23/18 08:07, Robert Haas wrote: > I think that the most common use case is likely to be to get the data > from a local or remote keyserver. This was also my thought. In fact, in the case of token-based authentication schemes, today you'd have to have a cron job get a new token every N minutes and rewrite the pgpass file. This patch enables users to build far more elegant solutions under those schemes. I gave the patch a spin on a linux box, and it works as expected. If we can address the windows bit, then I'd support the idea of adding this capability to libpq. -Jeremy -- Jeremy Schneider Database Engineer Amazon Web Services
В списке pgsql-hackers по дате отправления: