Postgres Pro
Downloads
Home   >   mailing lists

Re: scram-sha-256 encrypted password in pgpass - Mailing list pgsql-admin

From Adrian Klaver
Subject Re: scram-sha-256 encrypted password in pgpass
Date
Msg-id 582060cb-79b9-1091-e464-dd8ee45c8624@aklaver.com
Whole thread Raw
In response to Re: scram-sha-256 encrypted password in pgpass  (Pavan Kumar <pavan.dba27@gmail.com>)
Responses Re: scram-sha-256 encrypted password in pgpass
Re: scram-sha-256 encrypted password in pgpass
List pgsql-admin
Tree view 
On 6/22/20 3:32 PM, Pavan Kumar wrote:
> Adrian, David,
> 
> Thank you so much for the quick response.
> 
> What would be the point of storing the encrypted password instead of the 
> plaintext one?
> As per our organization security policies, we can 't keep any  passwords 
> in plain text format.

But if you want to log in with encrypted password and someone can grab 
it from the file not sure what the difference is from grabbing the plain 
text one if they both end up logging the user in?



> I am working on postgres + pgbouncer setup, tested pgbouncer 1.14 where 
> we have support to use encrypted password in userlist,txt file. I am 
> surprised why  pgpass is not supporting encrypted passwords.
> 
> 
> 
> 
> On Mon, Jun 22, 2020 at 5:04 PM David G. Johnston 
> <david.g.johnston@gmail.com <mailto:david.g.johnston@gmail.com>> wrote:
> 
>     Please don't cross-post.
> 
>     On Mon, Jun 22, 2020 at 1:35 PM Pavan Kumar <pavan.dba27@gmail.com
>     <mailto:pavan.dba27@gmail.com>> wrote:
> 
>         scram-sha-256 encrypted passwords are supported in .pgpass file
>         ? If yes kindly provide us an example.
> 
>         I am using below format and it is not working for me
> 
>
/|pglnx1|/:/|5432|/:pgbouncer:/|pgadmin|/:"SCRAM-SHA-256$4096:6IDsjfedwsdpymp0Za7jaMew==$rzSoYL4ZYsW1WJAj7Lt3JtNLNR73AVY7sfsauikweblk][=:Hxx/juPXJZHy5djPctI=*/"/*
> 
>     The documentation doesn't say so one way or the other so I would go
>     with no.  The password in the pgpass file has to be the plaintext
>     password.  The client, upon speaking with the server, will decide
>     whether to send the plaintext password to the server or encrypt it
>     prior to transmission.
> 
>     What would be the point of storing the encrypted password instead of
>     the plaintext one?
> 
>     David J.
> 
> 
> 
> -- 
> *Regards,
> 
> #!  Pavan Kumar
> ----------------------------------------------*-
> *Sr. Database Administrator..!*
> *NEXT GENERATION PROFESSIONALS, LLC*
> *Cell    #  267-799-3182 #  pavan.dba27 (Gtalk) *
> *India   # 9000459083*
> 
>     *Take Risks; if you win, you will be very happy. If you lose you
>     will be Wise *
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-admin by date:

Previous
From: Pavan Kumar
Date:
Subject: Re: scram-sha-256 encrypted password in pgpass
Next
From: "David G. Johnston"
Date:
Subject: Re: scram-sha-256 encrypted password in pgpass