Home > mailing lists

Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256 - Mailing list pgsql-general

From	Tom Lane
Subject	Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256
Date	September 19, 2019 17:09:57
Msg-id	22653.1568902197@sss.pgh.pa.us Whole thread Raw
In response to	PGPASSWORD in crypted form, for example BlowFish or SHA-256 (Matthias Apitz <guru@unixarea.de>)
List	pgsql-general

Tree view

Matthias Apitz <guru@unixarea.de> writes:
> Is there somehow an API in PG to use ciphered passwords and provide as a
> shared library the blob to decrypt it?

No.  Consider a non-password auth mechanism, for instance SSL
certificates.  You might find that an SSL certificate file
stored where libpq will find it is already about as secure as
what you're doing now.  If you want to jump through extra
hoops for more security, I think you can use ssh-agent to
hold the keys.

            regards, tom lane

pgsql-general by date:

From: Matthias Apitz
Date: 19 September 2019, 16:23:21
Subject: Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256

From: Tom Lane
Date: 19 September 2019, 17:14:33
Subject: Re: n_live_tup count increase after vacuum

Re: PGPASSWORD in crypted form, for example BlowFish or SHA-256 - Mailing list pgsql-general

Previous

Next