Re: Storing the password in .pgpass file in an encrypted format
| От | Craig Ringer |
|---|---|
| Тема | Re: Storing the password in .pgpass file in an encrypted format |
| Дата | |
| Msg-id | 5307838D.9050805@2ndquadrant.com обсуждение исходный текст |
| Ответ на | Re: Storing the password in .pgpass file in an encrypted format (Christopher Browne <cbbrowne@gmail.com>) |
| Список | pgsql-hackers |
On 02/21/2014 11:52 PM, Christopher Browne wrote: > > The thing you could do instead that would *look* like it is encrypted is > to use a certificate (e.g. - SSL). The certificate that you'd need to > put on the client still needs to be in something that is effectively > plain text (however much it looks like nonsensical encrypted text). Yep, though the certificate private key may well be stored encrypted with a passphrase that must be entered via direct user interaction. It looks like doing it with OpenSSL for libpq you might be able to set a passphrase callback routine to prompt the user to decrypt a client certificate. With PgJDBC you use JSSE's keystore support. Client certificates are a *much* stronger way to do this. Another good option can be Kerberos. Either way, encrypting .pgpass seems utterly pointless. -- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: