Re: Best way to "mask" password in DBLINK

On Wed, Aug 12, 2009 at 10:01, Ow Mun Heng<ow.mun.heng@wdc.com> wrote:
>
>
> -----Original Message-----
> From: Magnus Hagander [mailto:magnus@hagander.net]
> On Wed, Aug 12, 2009 at 09:30, Ow Mun Heng<ow.mun.heng@wdc.com> wrote:
>>>
>>> From: Tommy Gildseth [mailto:tommy.gildseth@usit.uio.no]
>>>
>>> Ow Mun Heng wrote:
>>>>> I'm starting to use DBLink / DBI-Link and one of the "bad" things is
>>>>that
>>>>> the password is out in the clear.
>>>>> What can I do to prevent it from being such? How do I protect it from
>>>>> 'innocent' users?
>>>
>>>>If I'm not mistaken, it's possible to put your password in the .pgpass
>>>>file in the postgres-users home folder, on the server where the postgres
>>>>cluster is running.
>>>
>>> Isn't that how one connects using the CLI? Eg: via psql?
>
>>You need to put it in the .pgpass file of the postgres user - the one
>>that runs the server. .pgpass is dealt with by libpq, and DBLink and
>>DBI-Link both use libpq to connect to the remote server.
>
> The View is owned by the user "operator" not postgres
> Does it make a difference?

No, we're talking about operating system user here, not postgres user.
So the owner of the database object is irrelevant - only the user that
the backend process is executing as.



--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/