Re: BUG #16450: Recovery.conf file shows clear text password. - Mailing list pgsql-bugs

From Magnus Hagander
Subject Re: BUG #16450: Recovery.conf file shows clear text password.
Msg-id CABUevExhD-aU8++xn40Z4R6EX7fvN541t+wZTx-JMZQz=9AAGA@mail.gmail.com
In response to BUG #16450: Recovery.conf file shows clear text password.  (PG Bug reporting form <noreply@postgresql.org>)
List pgsql-bugs


On Mon, May 18, 2020 at 11:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:
> The following bug has been logged on the website:
>
> Bug reference:      16450
> Logged by:          yi Ding
> Email address:      abcxiaod@126.com
> PostgreSQL version: 10.12
> Operating system:   linux
> Description:
>
> cat recovery.conf
>
> standby_mode = 'on'
> primary_conninfo = 'host=2019::abcd:516 port=6755 user=test
> application_name=sb2019abcd516 password=8d5s256fhHJ keepalives_idle=60
> keepalives_interval=5 keepalives_count=5 sslmode=disable'
> recovery_target_timeline = 'latest'


As PostgreSQL needs the password to connect to a service requiring a password, it has to be stored either in plaintext or plaintext-equivalent.

You can avoid this by using an authentication method that does not require a password to be stored, such as Kerberos/gssapi or certificate. Nevertheless, the client side of the connection needs to store the credentials for access *in some way*, but for example with the certificate authentication method you could use a smartcard or YubiKey or similar to store it.

--
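A check a standby administrator could run against the situation discussed in this thread, as an added example that is not part of the original messages or of PostgreSQL itself: it parses `primary_conninfo` out of a `recovery.conf` and reports an embedded password and disabled TLS without printing the secret. The function names and the sample file are constructed for illustration, and the password is a placeholder.

```python
import re

# Constructed sample modelled on the report above; the password is a placeholder.
SAMPLE_RECOVERY_CONF = """\
standby_mode = 'on'
primary_conninfo = 'host=2019::abcd:516 port=6755 user=test password=EXAMPLE-ONLY sslmode=disable'
"""

def config_value(conf_text, name):
    """Return the single-quoted value of setting `name` ('' is an escaped quote), or None."""
    m = re.search(r"^\s*%s\s*=\s*'((?:[^']|'')*)'" % re.escape(name), conf_text, re.M)
    return m.group(1).replace("''", "'") if m else None

def parse_conninfo(conninfo):
    """Parse a libpq keyword=value string, honouring 'quoted values' and backslash escapes."""
    params, i, n = {}, 0, len(conninfo)
    while i < n:
        if conninfo[i].isspace():
            i += 1
            continue
        eq = conninfo.find("=", i)
        if eq < 0:
            raise ValueError("keyword without '=' in connection string")
        key, i = conninfo[i:eq].strip(), eq + 1
        while i < n and conninfo[i].isspace():
            i += 1
        quoted = i < n and conninfo[i] == "'"
        i += quoted  # step over the opening quote, if any
        chars = []
        while i < n and not (conninfo[i] == "'" if quoted else conninfo[i].isspace()):
            if conninfo[i] == "\\" and i + 1 < n:
                i += 1  # a backslash makes the next character literal
            chars.append(conninfo[i])
            i += 1
        if quoted and i >= n:
            raise ValueError("unterminated quoted value")
        i += quoted  # step over the closing quote
        params[key] = "".join(chars)
    return params

def audit(conf_text):
    """Return findings for primary_conninfo without ever echoing the secret itself."""
    params = parse_conninfo(config_value(conf_text, "primary_conninfo") or "")
    findings = []
    if "password" in params:
        findings.append("password stored in primary_conninfo")
    if params.get("sslmode") == "disable":
        findings.append("sslmode=disable: no TLS, so certificate authentication is unavailable")
    return findings
```

Calling `audit(open("recovery.conf").read())` returns an empty list for a connection string that carries no `password` keyword and does not disable TLS.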
