Christophe Dore wrote:
Thanks for answering
Yes, you are right. This is a client-side file. However, our concern is
that we have to consider this practice as a security issue. We'd like to
ban this practice for our product which is, thus, wrapping PostgresQL
engine. Thus my questions
- is there any configuration that can be done on server side to prevent
the client side to use such file to read passwords ?
- is there any options that can be set in postgres libpq C library to
prevent the connection functions to search for password in files ?
where do you want the client apps to get the passwords from? hard
coded? an application read .inf file?
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
