Please keep the list in CC.
ferraresso@tin.it wrote:
> - using trust is not an options on a production system;
It isn't if you are very security concious.
I normally use trust authentication, limited to one IP address,
a user and the database "replication", on production systems.
> - disable the log can be a solution, but:
> the password will still be transmitted trought the net in clear form;
> the log can be useful when looking for problem. Disabling the log is a thing that I prefer not to do;
> I have to remember to do the disable of log every time I create the replication, well,
> I can do, but meybe was better to have that inside the same command, like CREATE USER.
On the other hand, if you are very security conscious, you will
use SSL encrypted database connections.
True, it is annoying that the password is transmitted and might
be logged if you are not careful, but things are even worse:
The connection string is stored in "pg_subscription", and any
superuser can SELECT it from that table.
One option for you might be to use a password file on the server
and not put the password into the connection string.
You have to have the password *somewhere* for the standby to connect
to the primary.
Yours,
Laurenz Albe
