Search Postgresql Archives

Re: mysql_config_editor feature suggestion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/21/2017 03:03 PM, Tom Ekberg wrote:
I have been working with MySQL a bit (yes, I know, heresy) and
encountered a program called mysql_config_editor. In my opinion it does
a better job of local password management than using a ~/.pgpass file.
Instead of assuming that a mode of 600 will keep people from peeking at
your password, it encrypts the password, but keeps the other parameters
like host, port and user available for viewing as plaintext. You can
read more about it here:

  https://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html

The host, user, password values are grouped into what are called login
paths which are of the form:

  [some_login_path]
  host = localhost
  user = localuser

Just like the config files you have no doubt seen before. The only way
to set a password is to use the command:

  mysql_config_editor set --login-path=some_login_path --password

which will prompt the user to enter the password for the specified login
path. The password is never seen as plain text. There are other commands
to set, remove, print and reset values for a login path. The print
command that shows a password will display this instead:

  password = *****

Adding a similar feature for PostgreSQL will also require a change to
the psql program to specify and handle --login-path used for
authentication. This may also be the case for some of the other pg_*
utilities.

Something like this?:

https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html

with:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ba005f193d88a8404e81db3df223cf689d64d75e

https://www.postgresql.org/docs/devel/static/libpq-connect.html#libpq-connect-passfile

The only thing lacking is that the passwords are not actually encrypted in the file. Though there are other methods available then the md5 password authentication:

https://www.postgresql.org/docs/devel/static/auth-methods.html


I think adding a feature like mysql_config_editor to PostgreSQL is an
easy way to set up multiple "personalities" for connecting to different
PostgreSQL servers. The password protection will deter the curious user
from gaining access to your data. It will not stop a determined hacker,
but the idea is to make it more difficult.

Other than this mailing list, is there a way to make a feature request
for PostgreSQL?

Tom Ekberg
Senior Computer Specialist, Lab Medicine
University of Washington Medical Center
1959 NE Pacific St, MS 357110
Seattle WA 98195
work: (206) 598-8544
email: tekberg@xxxxxx






--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux