Re: prevent connection using pgpass.conf - Mailing list pgsql-general

From Guillaume Lelarge
Subject Re: prevent connection using pgpass.conf
Date
Msg-id 4BB466EC.8020008@lelarge.info
In response to Re: prevent connection using pgpass.conf  ("Christophe Dore" <c.dore@castsoftware.com>)
List pgsql-general
On 01/04/2010 11:21, Christophe Dore wrote:
> Thanks for answering
>
> Yes, you are right. This is a client-side file. However, our concern is
> that we have to consider this practice as a security issue. We'd like to
> ban this practice for our product which is, thus, wrapping PostgreSQL
> engine. Thus my questions
>
> - is there any configuration that can be done on server side to prevent
> the client side from using such a file to read passwords?

No.

> - are there any options that can be set in the postgres libpq C library to
> prevent the connection functions from searching for a password in files?

Well, you need to change the source code and recompile libpq. But if
your user is "smart" enough to install the "right" libpq, they will be
able to use the pgpass file.


--
Guillaume.
 http://www.postgresqlfr.org
 http://dalibo.com
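
Because the password file lives on the client, one way to find the practice is to audit client machines for it. The following is an added example, not part of the original message or of PostgreSQL: it parses a file in the documented `hostname:port:database:username:password` format and reports which entries store a password, without returning the password itself. The function names and the sample file are constructed for illustration.

```python
import os
import stat
import tempfile

def split_pgpass_line(line):
    """Split on unescaped ':'; a backslash makes the next character literal."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, "\\"))  # consume the escaped character
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def audit_pgpass(path):
    """Return findings for one password file; passwords are never returned."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # On Unix, libpq ignores a password file that group or others can access.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("loose-permissions", oct(mode)))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line or line.startswith("#"):
                continue  # blank line or comment
            fields = split_pgpass_line(line)
            if len(fields) != 5:
                findings.append(("malformed", lineno))
            elif fields[4]:
                findings.append(("stored-password", lineno, *fields[:4]))
    return findings

def demo():
    # Constructed sample file; hosts, users and passwords are made up.
    sample = "# comment\ndb1.example:5432:app:alice:s3cr\\:et\n*:*:*:bob:pw\nbroken line\n"
    with tempfile.NamedTemporaryFile("w", suffix=".pgpass", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    try:
        return audit_pgpass(fh.name)
    finally:
        os.remove(fh.name)

if __name__ == "__main__":
    print(demo())
```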
