Home > mailing lists

Re: Storing the password in .pgpass file in an encrypted format - Mailing list pgsql-hackers

From	Christian Kruse
Subject	Re: Storing the password in .pgpass file in an encrypted format
Date	February 21, 2014 17:28:57
Msg-id	20140221142851.GA16533@defunct.ch Whole thread Raw
In response to	Re: Storing the password in .pgpass file in an encrypted format (Alvaro Herrera <alvherre@2ndquadrant.com>)
List	pgsql-hackers

Tree view

Hi,

On 21/02/14 11:15, Alvaro Herrera wrote:
> Maybe you can memfrob() the password to encrypt it before writing, and
> then memfrob() it back before applying it.  Would that be secure?

From `man memfrob`:
Note that this function is not a proper encryption routine as the XORconstant is fixed, and is only suitable for hiding
strings.

No, it is not secure. And I agree, encrypting .pgpass doesn't make
sense. Either you have a known key and then encryption is useless or
you have to provide a key at runtime and then .pgpass is useless.

Best regards,

-- Christian Kruse               http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services

pgsql-hackers by date:

From: Alvaro Herrera
Date: 21 February 2014, 17:15:27
Subject: Re: Storing the password in .pgpass file in an encrypted format

From: Euler Taveira
Date: 21 February 2014, 17:50:19
Subject: Re: Storing the password in .pgpass file in an encrypted format

Re: Storing the password in .pgpass file in an encrypted format - Mailing list pgsql-hackers

Previous

Next