On Wed, Jul 8, 2015 at 2:46 PM, John R Pierce <pie...@hogranch.com> wrote:
> but what security does that gain you? if someone gets your > encrypted/hashed password, he can still log on. the pgpass file has to be > permissions 700, so only YOU (and root) can read it. > Exactly this. If you want a script to authenticate to postgres (or anything else) then somewhere you need something to be in the clear, whether it be the key to decrypt the password or a private key. If you can't trust the local file system and users, then you can't do what you want.
