Christophe Dore wrote:
Thanks for answering Yes, you are right. This is a client-side file. However, our concern is that we have to consider this practice as a security issue. We'd like to ban this practice for our product which is, thus, wrapping PostgresQL engine. Thus my questions - is there any configuration that can be done on server side to prevent the client side to use such file to read passwords ? - is there any options that can be set in postgres libpq C library to prevent the connection functions to search for password in files ?
where do you want the client apps to get the passwords from? hard coded? an application read .inf file?
-- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
