On Wed, Aug 12, 2009 at 10:01, Ow Mun Heng<ow.mun.heng@xxxxxxx> wrote: > > > -----Original Message----- > From: Magnus Hagander [mailto:magnus@xxxxxxxxxxxx] > On Wed, Aug 12, 2009 at 09:30, Ow Mun Heng<ow.mun.heng@xxxxxxx> wrote: >>> >>> From: Tommy Gildseth [mailto:tommy.gildseth@xxxxxxxxxxx] >>> >>> Ow Mun Heng wrote: >>>>> I'm starting to use DBLink / DBI-Link and one of the "bad" things is >>>>that >>>>> the password is out in the clear. >>>>> What can I do to prevent it from being such? How do I protect it from >>>>> 'innocent' users? >>> >>>>If I'm not mistaken, it's possible to put your password in the .pgpass >>>>file in the postgres-users home folder, on the server where the postgres >>>>cluster is running. >>> >>> Isn't that how one connects using the CLI? Eg: via psql? > >>You need to put it in the .pgpass file of the postgres user - the one >>that runs the server. .pgpass is dealt with by libpq, and DBLink and >>DBI-Link both use libpq to connect to the remote server. > > The View is owned by the user "operator" not postgres > Does it make a difference? No, we're talking about operating system user here, not postgres user. So the owner of the database object is irrelevant - only the user that the backend process is executing as. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
