CS DBA wrote: > We have an application running via a utility that want's clear text > passwords stored in it's config files. I know we can setup ident mapping > but the app doesn't play nice with password prompt requests. We could > set it's connections to trust but it kinda defeats the purpose security > wise. > > Any thoughts on best/common practices per connecting to postgres > securely without an interactive password prompt I personally think that having a clear text password stored on the application server is hardly more secure than allowing trust authentication for this host. Essentially you are facing the following conundrum: A program on a computer should be able to login without human interaction, but nothing else should. As far as I know, there is no good solution for this problem. You can try to hide or obfuscate the password (or other authentication tokens), but that won't keep a dedicated person logged into the computer from finding and abusing it. My opinion is that your best bet is to prevent access to the computer as much as possible, but not to care too much about how the computer authenticates with the database. Yours, Laurenz Albe -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
