Search Postgresql Archives

Re: Password issue revisited

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Magnus Hagander wrote:
Are we sure we want to do this? (Sorry, didn't notice this thread last
time)

The default on *all* windows versions since NT 4.0 (which is when the
directory we use was added) will put this file in a protected directory.
Is there truly such a thing on a windows PC? All it takes is one Virus or Malware to gain access to the PC and anything stored in the
user profile is easy picking.
The virus and malware creators may not know about the pg_pass file now, but they will eventually. What about having a wallet type system where the user can create a pass phrase to protect a generated key that would get
loaded once per session.  That is how KDE allows users to store passwords.

I work at a large financial institution and if the auditors knew about the pg_pass being plain text, they would pretty much ban
it's use.

Anytime a password is sitting on a non encrypted file system, regardless of it's permissions it is potentially at risk.

--
Tony


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux