On 21 February 2014 13:49, firoz e v firoz...@huawei.com wrote:
Hi,
Is there a way to store the password in “.pgpass” file in an encrypted
format (for example, to be used by pg_dump).
Even though, there are ways to set the permissions on .pgpass, to disallow
any access to world or
firoz e v wrote:
Hi,
Is there a way to store the password in .pgpass file in an encrypted format
(for example, to be used by pg_dump).
Even though, there are ways to set the permissions on .pgpass, to disallow
any access to world or group, the security rules of many organizations
Hi,
On 21/02/14 11:15, Alvaro Herrera wrote:
Maybe you can memfrob() the password to encrypt it before writing, and
then memfrob() it back before applying it. Would that be secure?
From `man memfrob`:
Note that this function is not a proper encryption routine as the XOR
constant is fixed,
On 21-02-2014 09:49, firoz e v wrote:
Even though, there are ways to set the permissions on .pgpass, to disallow
any access to world or group, the security rules of many organizations
disallow to hold any kind of passwords, as plain text.
Is your goal hiding the password in .pgpass? You
Euler Taveira wrote:
On 21-02-2014 09:49, firoz e v wrote:
Even though, there are ways to set the permissions on .pgpass, to disallow
any access to world or group, the security rules of many organizations
disallow to hold any kind of passwords, as plain text.
Is your goal hiding the
On 2014-02-21 12:04:47 -0300, Alvaro Herrera wrote:
You could instead try to have an authentication agent that stores an
encrypted password or certificate and asks the user to supply the key to
decrypt it when trying to establish a connection; but that would force
you to require user
On Fri, Feb 21, 2014 at 7:49 AM, firoz e v firoz...@huawei.com wrote:
Hi,
Is there a way to store the password in .pgpass file in an encrypted
format (for example, to be used by pg_dump).
Even though, there are ways to set the permissions on .pgpass, to disallow
any access to world or
On Fri, Feb 21, 2014 at 7:04 AM, Alvaro Herrera alvhe...@2ndquadrant.comwrote:
Euler Taveira wrote:
On 21-02-2014 09:49, firoz e v wrote:
Even though, there are ways to set the permissions on .pgpass, to
disallow any access to world or group, the security rules of many
organizations
Jeff Janes escribió:
On Fri, Feb 21, 2014 at 7:04 AM, Alvaro Herrera
alvhe...@2ndquadrant.comwrote:
If you were to have a mechanism by which
libpq can store an md5'd password (or whatever hash) and send that md5
to the server and have the server accept it to grant a connection, then
On 02/22/2014 12:20 AM, Alvaro Herrera wrote:
Jeff Janes escribió:
On Fri, Feb 21, 2014 at 7:04 AM, Alvaro Herrera
alvhe...@2ndquadrant.comwrote:
If you were to have a mechanism by which
libpq can store an md5'd password (or whatever hash) and send that md5
to the server and have the
On 02/21/2014 11:52 PM, Christopher Browne wrote:
The thing you could do instead that would *look* like it is encrypted is
to use a certificate (e.g. - SSL). The certificate that you'd need to
put on the client still needs to be in something that is effectively
plain text (however much it
Hi,
On 21 Únor 2014, 16:52, Christopher Browne wrote:
On Fri, Feb 21, 2014 at 7:49 AM, firoz e v firoz...@huawei.com wrote:
Hi,
Is there a way to store the password in .pgpass file in an encrypted
format (for example, to be used by pg_dump).
Even though, there are ways to set the
On Fri, Feb 21, 2014 at 8:42 AM, Craig Ringer cr...@2ndquadrant.com wrote:
On 02/22/2014 12:20 AM, Alvaro Herrera wrote:
Jeff Janes escribió:
On Fri, Feb 21, 2014 at 7:04 AM, Alvaro Herrera
alvhe...@2ndquadrant.comwrote:
If you were to have a mechanism by which
libpq can store an
I think this thread deserves more attention:
http://www.postgresql.org/message-id/caazkufajufddfp1_vghbdfyru0sj6msovvkrp87acq53ov6...@mail.gmail.com
--
Álvaro Herrerahttp://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training Services
--
Sent via pgsql-hackers
On Fri, Feb 21, 2014 at 10:42 AM, Alvaro Herrera
alvhe...@2ndquadrant.com wrote:
I think this thread deserves more attention:
http://www.postgresql.org/message-id/caazkufajufddfp1_vghbdfyru0sj6msovvkrp87acq53ov6...@mail.gmail.com
(I wrote that mail)
I'm still in interested in this idea and
On 02/21/2014 09:11 AM, Tomas Vondra wrote:
What I think might be useful and safe at the same time is encrypted
.pgpass with tools asking for the encryption key. Think of it as a simple
passord wallet - not really useful if you're connecting to a single
database, very useful if you have many
On 22.2.2014 00:02, Josh Berkus wrote:
On 02/21/2014 09:11 AM, Tomas Vondra wrote:
What I think might be useful and safe at the same time is encrypted
.pgpass with tools asking for the encryption key. Think of it as a simple
passord wallet - not really useful if you're connecting to a single
On Fri, Feb 21, 2014 at 10:18 PM, Daniel Farina dan...@heroku.com wrote:
I'm still in interested in this idea and haven't found a good reason
to rescind the general thinking there.
It's an interesting idea. I wonder if it would be possible to make it
compatible with existing tools like
On 02/21/2014 03:54 PM, Tomas Vondra wrote:
Depends on how you define external utility. It certainly needs to be
somehow integrated with the tools using .pgpass. Do you have something
particular in mind?
Yeah, I was thinking that the ideal would to be to make this generically
pluggable, like
On Fri, Feb 21, 2014 at 6:15 PM, Greg Stark st...@mit.edu wrote:
On Fri, Feb 21, 2014 at 10:18 PM, Daniel Farina dan...@heroku.com wrote:
I'm still in interested in this idea and haven't found a good reason
to rescind the general thinking there.
It's an interesting idea. I wonder if it would
20 matches
Mail list logo