----- Original Message ----- > From: "Alon Bar-Lev" <[email protected]> > To: "Keith Robertson" <[email protected]> > Cc: "Juan Hernandez" <[email protected]>, "engine-devel" > <[email protected]>, "pmatouse" <[email protected]> > Sent: Wednesday, May 1, 2013 9:40:13 PM > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > ----- Original Message ----- > > From: "Keith Robertson" <[email protected]> > > To: "Alon Bar-Lev" <[email protected]> > > Cc: "Josh Bressers" <[email protected]>, "Juan Hernandez" > > <[email protected]>, "engine-devel" > > <[email protected]>, "pmatouse" <[email protected]>, "Sandro > > Bonazzola" <[email protected]> > > Sent: Wednesday, May 1, 2013 9:31:15 PM > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > On 05/01/2013 02:16 PM, Alon Bar-Lev wrote: > > > Thank you. > > > This is what I wrote in my initial post. > > > The only users who should access this password is ovirt user and root > > > user. > > > > > > Regards, > > > Alon Bar-Lev. > > > > > >> > > > Alon, > > I agree with the desire to store the PW in plaintext and in a > > non-obfuscated manner. In this case, obfuscation really doesn't gain > > anything. > > > > I would suggest; however, that the migration to plaintext be coordinated > > with a simultaneous patch to the the Log Collector. It does have a > > dependency on the current architecture. > > > > Keith > > > > Hi, > > As far as I know it reads the plain text from .pgpass, we need to modify it > to search within the alternate format as well.
We are using the original .pgpass file that is in 0600 mode ( have access only to root) If the file does not have this mode , it is ignored by Postgres I see no security issue in that ... Please see details in http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html > > Thanks, > Alon > _______________________________________________ > Engine-devel mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/engine-devel > _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
