Re: [GENERAL] mysql_config_editor feature suggestion
| От | Adrian Klaver |
|---|---|
| Тема | Re: [GENERAL] mysql_config_editor feature suggestion |
| Дата | |
| Msg-id | 5538a259-7429-ab45-a1e8-7b7bb78f1046@aklaver.com обсуждение исходный текст |
| Ответ на | [GENERAL] mysql_config_editor feature suggestion (Tom Ekberg <tekberg@uw.edu>) |
| Список | pgsql-general |
On 03/21/2017 03:03 PM, Tom Ekberg wrote: > I have been working with MySQL a bit (yes, I know, heresy) and > encountered a program called mysql_config_editor. In my opinion it does > a better job of local password management than using a ~/.pgpass file. > Instead of assuming that a mode of 600 will keep people from peeking at > your password, it encrypts the password, but keeps the other parameters > like host, port and user available for viewing as plaintext. You can > read more about it here: > > https://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html > > The host, user, password values are grouped into what are called login > paths which are of the form: > > [some_login_path] > host = localhost > user = localuser > > Just like the config files you have no doubt seen before. The only way > to set a password is to use the command: > > mysql_config_editor set --login-path=some_login_path --password > > which will prompt the user to enter the password for the specified login > path. The password is never seen as plain text. There are other commands > to set, remove, print and reset values for a login path. The print > command that shows a password will display this instead: > > password = ***** > > Adding a similar feature for PostgreSQL will also require a change to > the psql program to specify and handle --login-path used for > authentication. This may also be the case for some of the other pg_* > utilities. Something like this?: https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html with: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ba005f193d88a8404e81db3df223cf689d64d75e https://www.postgresql.org/docs/devel/static/libpq-connect.html#libpq-connect-passfile The only thing lacking is that the passwords are not actually encrypted in the file. Though there are other methods available then the md5 password authentication: https://www.postgresql.org/docs/devel/static/auth-methods.html > > I think adding a feature like mysql_config_editor to PostgreSQL is an > easy way to set up multiple "personalities" for connecting to different > PostgreSQL servers. The password protection will deter the curious user > from gaining access to your data. It will not stop a determined hacker, > but the idea is to make it more difficult. > > Other than this mailing list, is there a way to make a feature request > for PostgreSQL? > > Tom Ekberg > Senior Computer Specialist, Lab Medicine > University of Washington Medical Center > 1959 NE Pacific St, MS 357110 > Seattle WA 98195 > work: (206) 598-8544 > email: tekberg@uw.edu > > > > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: