On Sun, Feb 19, 2017 at 8:03 PM, Magnus Hagander <mag...@hagander.net> wrote: > If password auth is used, we have to store the password in plaintext > equivalent somewhere. Meaning it's by definition going to be exposed to > superusers and replication downstreams.
Another possibility is to mention the use of the new passfile parameter for connection strings in the docs... This removes the need to have plain passwords directly stored in the database. Not sure if that's better though because that still mean that the password is present in plain format somewhere. > Or are you suggesting a scheme > whereby you have to enter all your subscription passwords in a prompt of > some kind when starting the postmaster, to avoid it? Thinking about that now we could have a connection string parameter called for example password_command, that could be used for example with gpg2 to get back a decrypted password value. -- Michael -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers