Matt,
* Desidero (desid...@gmail.com) wrote:
> I agree that it would be better for us to use something other than LDAP,
If you happen to be using Active Directory, then you should really be
using Kerberos-based auth instead. AD includes both LDAP and a KDC and
the LDAP half is really *not* the w
Tom Lane wrote:
> On many platforms, it's possible for other users to see the environment
> variables of a process. So PGPASSWORD is really quite insecure.
As said in https://www.postgresql.org/docs/current/static/libpq-envars.html
"PGPASSWORD behaves the same as the password connecti
"Daniel Verite" writes:
> Desidero wrote:
>> When attempting to use something like an anonymous pipe for a
>> passfile, psql throws an error stating that it only accepts plain files
> So the script doing that has access to the password(s) in clear text.
> Can't it instead push the password
Desidero wrote:
> When attempting to use something like an anonymous pipe for a
> passfile, psql throws an error stating that it only accepts plain files
So the script doing that has access to the password(s) in clear text.
Can't it instead push the password into the PGPASSWORD
environmen
On 10/19/2017 09:20 AM, Desidero wrote:
> I agree that it would be better for us to use something other than
> LDAP, but unfortunately it's difficult to convince the powers that be
> that we can/should use something else that they are not yet prepared
> to properly manage/audit. We are working to
I agree that it would be better for us to use something other than LDAP,
but unfortunately it's difficult to convince the powers that be that we
can/should use something else that they are not yet prepared to properly
manage/audit. We are working towards it, but we're not there yet. It's not
really
On 10/19/2017 02:12 AM, Tom Lane wrote:
> Desidero writes:
>> I’m running into problems with the restriction on pgpass file types. When
>> attempting to use something like an anonymous pipe for a passfile, psql
>> throws an error stating that it only accepts plain files.
>> ...
>> Does anyone kn
Desidero writes:
> I’m running into problems with the restriction on pgpass file types. When
> attempting to use something like an anonymous pipe for a passfile, psql
> throws an error stating that it only accepts plain files.
> ...
> Does anyone know why it’s set up to avoid using things like ano
