Re: BUG #16450: Recovery.conf file shows clear text password.
| От | Magnus Hagander |
|---|---|
| Тема | Re: BUG #16450: Recovery.conf file shows clear text password. |
| Дата | |
| Msg-id | CABUevExhD-aU8++xn40Z4R6EX7fvN541t+wZTx-JMZQz=9AAGA@mail.gmail.com обсуждение исходный текст |
| Ответ на | BUG #16450: Recovery.conf file shows clear text password. (PG Bug reporting form <noreply@postgresql.org>) |
| Список | pgsql-bugs |
On Mon, May 18, 2020 at 11:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:
Bug reference: 16450
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 10.12
Operating system: linux
Description:
cat recovery.conf
standby_mode = 'on'
primary_conninfo = 'host=2019::abcd:516 port=6755 user=test
application_name=sb2019abcd516 password=8d5s256fhHJ keepalives_idle=60
keepalives_interval=5 keepalives_count=5 sslmode=disable'
recovery_target_timeline = 'latest'
As PostgreSQL needs the password to connect to a service requiring a password, it has to be stored either in plantext or plaintext-equivalent.
You can avoid this by using an authentication method that does not require a password to be stored, such as Kerberos/gssapi or certificate. Nevertheless, the client side of the connection needs to store the credentials for access *in some way*, but for example with certificate authentication method you could use a smartcard or yubikey or similar to store it.
В списке pgsql-bugs по дате отправления: