Re: [GENERAL] mysql_config_editor feature suggestion - Mailing list pgsql-general

From Adrian Klaver
Subject Re: [GENERAL] mysql_config_editor feature suggestion
Date
Msg-id 5538a259-7429-ab45-a1e8-7b7bb78f1046@aklaver.com
In response to [GENERAL] mysql_config_editor feature suggestion  (Tom Ekberg <tekberg@uw.edu>)
List pgsql-general
On 03/21/2017 03:03 PM, Tom Ekberg wrote:
> I have been working with MySQL a bit (yes, I know, heresy) and
> encountered a program called mysql_config_editor. In my opinion it does
> a better job of local password management than using a ~/.pgpass file.
> Instead of assuming that a mode of 600 will keep people from peeking at
> your password, it encrypts the password, but keeps the other parameters
> like host, port and user available for viewing as plaintext. You can
> read more about it here:
>
>   https://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html
>
> The host, user, password values are grouped into what are called login
> paths which are of the form:
>
>   [some_login_path]
>   host = localhost
>   user = localuser
>
> Just like the config files you have no doubt seen before. The only way
> to set a password is to use the command:
>
>   mysql_config_editor set --login-path=some_login_path --password
>
> which will prompt the user to enter the password for the specified login
> path. The password is never seen as plain text. There are other commands
> to set, remove, print and reset values for a login path. The print
> command that shows a password will display this instead:
>
>   password = *****
>
> Adding a similar feature for PostgreSQL will also require a change to
> the psql program to specify and handle --login-path used for
> authentication. This may also be the case for some of the other pg_*
> utilities.

Something like this?:

https://www.postgresql.org/docs/9.6/static/libpq-pgservice.html

with:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ba005f193d88a8404e81db3df223cf689d64d75e

https://www.postgresql.org/docs/devel/static/libpq-connect.html#libpq-connect-passfile

The only thing lacking is that the passwords are not actually encrypted
in the file. Though there are other methods available than the md5
password authentication:

https://www.postgresql.org/docs/devel/static/auth-methods.html

>
> I think adding a feature like mysql_config_editor to PostgreSQL is an
> easy way to set up multiple "personalities" for connecting to different
> PostgreSQL servers. The password protection will deter the curious user
> from gaining access to your data. It will not stop a determined hacker,
> but the idea is to make it more difficult.
>
> Other than this mailing list, is there a way to make a feature request
> for PostgreSQL?
>
> Tom Ekberg
> Senior Computer Specialist, Lab Medicine
> University of Washington Medical Center
> 1959 NE Pacific St, MS 357110
> Seattle WA 98195
> work: (206) 598-8544
> email: tekberg@uw.edu
>
>
>
>


--
Adrian Klaver
adrian.klaver@aklaver.com
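
An added example, not part of the original message and not libpq's own code: a Python sketch of how a pg_service.conf entry and a passfile combine into a per-service password lookup, including the Unix rule that a passfile accessible by group or others is ignored. The file contents, the `reporting` service, the host `db.example.internal` and the passwords are constructed sample values.

```python
import configparser, os, stat, tempfile

def split_fields(line):
    """Split a passfile line on ':' while honouring the '\\:' and '\\\\' escapes."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur, i = cur + line[i + 1], i + 2
        elif line[i] == ":":
            fields, cur, i = fields + [cur], "", i + 1
        else:
            cur, i = cur + line[i], i + 1
    return fields + [cur]

def lookup_password(passfile, host, port, dbname, user):
    """First matching host:port:database:user:password line wins; '*' is a wildcard."""
    if stat.S_IMODE(os.stat(passfile).st_mode) & 0o077:
        return None  # group/other access: libpq ignores such a file on Unix
    with open(passfile) as fh:
        for line in fh.read().splitlines():
            fields = split_fields(line)
            if line.startswith("#") or len(fields) != 5:
                continue
            if all(p in ("*", v) for p, v in zip(fields, (host, port, dbname, user))):
                return fields[4]
    return None

def resolve(service_file, service):
    """Read one [service] section and look its password up in the named passfile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(service_file)
    s = cp[service]
    return lookup_password(s["passfile"], s["host"], s.get("port", "5432"),
                           s.get("dbname", s["user"]), s["user"])

def demo(mode=0o600):
    """Build constructed sample files in a temp dir and resolve two services."""
    d = tempfile.mkdtemp()
    pw, svc = os.path.join(d, "pgpass"), os.path.join(d, "pg_service.conf")
    with open(pw, "w") as fh:  # constructed passfile; first line is a comment
        fh.write("# constructed sample\nlocalhost:5432:*:localuser:s3cr\\:et\n*:*:*:report:fallback\n")
    os.chmod(pw, mode)
    with open(svc, "w") as fh:  # constructed service file with two "login paths"
        fh.write(f"[some_login_path]\nhost=localhost\nuser=localuser\npassfile={pw}\n\n"
                 f"[reporting]\nhost=db.example.internal\nport=5433\nuser=report\npassfile={pw}\n")
    return resolve(svc, "some_login_path"), resolve(svc, "reporting")
```

Calling `demo(0o644)` shows the failure mode: both lookups return `None` because the passfile is readable by group and others.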

