On 02/16/2017 05:57 AM, JP Jacoupy wrote:
Hello,
This might seem a pretty novice question but I can't find an answer.
Can the password be stored in an encrypted way inside a service
configuration file?
To be clear you are talking about this, correct?:
https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html
If so then no as I understand it. Assuming you have password
authentication set up to md5, libpq takes care of doing the md5-hash
before sending it to the server. You do have the following options:
1) https://www.postgresql.org/docs/9.6/static/libpq-pgpass.html
2) https://www.postgresql.org/docs/9.6/static/libpq-envars.html
PGPASSWORD behaves the same as the password connection parameter. Use of
this environment variable is not recommended for security reasons, as
some operating systems allow non-root users to see process environment
variables via ps; instead consider using the ~/.pgpass file (see Section
32.15).
PGPASSFILE specifies the name of the password file to use for lookups.
If not set, it defaults to ~/.pgpass (see Section 32.15).
2) And coming in version 10:
http://paquier.xyz/postgresql-2/postgres-10-pgpassfile-connection/
--
Jacoupy Jean-Philippe
Sent from ProtonMail <https://protonmail.ch>, encrypted email based in
Switzerland.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
