On 02/16/2017 05:57 AM, JP Jacoupy wrote:
> Hello,
>
> This might seem a pretty novice question but I can't find an answer.
>
> Can the password be stored in an encrypted way inside a service
> configuration file?
To be clear you are talking about this, correct?:
https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html
If so then no as I understand it. Assuming you have password
authentication set up to md5, libpq takes care of doing the md5-hash
before sending it to the server. You do have the following options:
1) https://www.postgresql.org/docs/9.6/static/libpq-pgpass.html
2) https://www.postgresql.org/docs/9.6/static/libpq-envars.html
PGPASSWORD behaves the same as the password connection parameter. Use of
this environment variable is not recommended for security reasons, as
some operating systems allow non-root users to see process environment
variables via ps; instead consider using the ~/.pgpass file (see Section
32.15).
PGPASSFILE specifies the name of the password file to use for lookups.
If not set, it defaults to ~/.pgpass (see Section 32.15).
2) And coming in version 10:
http://paquier.xyz/postgresql-2/postgres-10-pgpassfile-connection/
>
> --
> Jacoupy Jean-Philippe
>
>
> Sent from ProtonMail <https://protonmail.ch>, encrypted email based in
> Switzerland.
>
>
--
Adrian Klaver
adrian.klaver@aklaver.com
