Alban Hertroys wrote:
afaik, the .pgpass file is something the user creates with his text editor.
if it was encrypted or hashed, there would need to be a client side utility to
create it.
Yes of course, something like ssh-keygen(1) for example.
well, more like smbpasswd, I'd thi
On 13 Apr 2010, at 2:36, John R Pierce wrote:
> Alban Hertroys wrote:
>> Storing those passwords encrypted on the client side seems the proper way to
>> deal with this issue. IMHO, time working on that is better spent than time
>> trying to prevent .pgpass files from working.
>
> afaik, the .pg
Alban Hertroys wrote:
I have to say I was a bit surprised to find that .pgpass files store those
passwords as plain text though. Some method like ssh uses with public and
private keys would be an improvement IMO. Especially since we can choose to use
password encryption over the wire.
Storing
Magnus Hagander wrote:
> 2010/4/1 Christophe Dore :
> >
> > - is there any configuration that can be done on server side to prevent
> > the client side to use such file to read passwords ?
>
> No. It happens before the user ha slogged in, obviously.
>
>
> > - is there any options that can be set
On 1 Apr 2010, at 11:21, Christophe Dore wrote:
> Thanks for answering
>
> Yes, you are right. This is a client-side file. However, our concern is
> that we have to consider this practice as a security issue. We'd like to
> ban this practice for our product which is, thus, wrapping PostgresQL
> e
2010/4/1 Christophe Dore :
>
> - is there any configuration that can be done on server side to prevent
> the client side to use such file to read passwords ?
No. It happens before the user ha slogged in, obviously.
> - is there any options that can be set in postgres libpq C library to
> prevent
Christophe Dore wrote:
Thanks for answering
Yes, you are right. This is a client-side file. However, our concern is
that we have to consider this practice as a security issue. We'd like to
ban this practice for our product which is, thus, wrapping PostgresQL
engine. Thus my questions
- is there
Le 01/04/2010 11:21, Christophe Dore a écrit :
> Thanks for answering
>
> Yes, you are right. This is a client-side file. However, our concern is
> that we have to consider this practice as a security issue. We'd like to
> ban this practice for our product which is, thus, wrapping PostgresQL
> eng
27;Donnell [mailto:r...@iol.ie]
Sent: mercredi 31 mars 2010 19:00
To: Christophe Dore
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] prevent connection using pgpass.conf
On 31/03/2010 16:32, Christophe Dore wrote:
> Hi
>
> We are building a solution using some dedicated postgresql serve
On 31/03/2010 16:32, Christophe Dore wrote:
> Hi
>
> We are building a solution using some dedicated postgresql servers (and
> dedicated C++ and Java apps). For security reasons, we'd like to prevent
> users to connect (from our apps at least) to those servers with
> passwords stored in files such
On Wed, 2010-03-31 at 17:32 +0200, Christophe Dore wrote:
> Hi
>
> We are building a solution using some dedicated postgresql servers (and
> dedicated C++ and Java apps). For security reasons, we'd like to prevent
> users to connect (from our apps at least) to those servers with
> passwords stored
Hi
We are building a solution using some dedicated postgresql servers (and
dedicated C++ and Java apps). For security reasons, we'd like to prevent
users to connect (from our apps at least) to those servers with
passwords stored in files such as pgpass.conf.
Is there any configuration that can b
12 matches
Mail list logo
