Home > mailing lists

Re: encrypt psql password in unix script - Mailing list pgsql-general

From	Vick Khera
Subject	Re: encrypt psql password in unix script
Date	July 8, 2015 22:06:57
Msg-id	CALd+dceKO-25YxFnjK9SEurKvoFsCWMKWL9F-rkzK09db23fjQ@mail.gmail.com Whole thread Raw
In response to	Re: encrypt psql password in unix script (John R Pierce <pierce@hogranch.com>)
List	pgsql-general

Tree view

On Wed, Jul 8, 2015 at 2:46 PM, John R Pierce <pierce@hogranch.com> wrote:

but what security does that gain you? if someone gets your encrypted/hashed password, he can still log on. the pgpass file has to be permissions 700, so only YOU (and root) can read it.

Exactly this. If you want a script to authenticate to postgres (or anything else) then somewhere you need something to be in the clear, whether it be the key to decrypt the password or a private key. If you can't trust the local file system and users, then you can't do what you want.

pgsql-general by date:

From: Steve Midgley
Date: 08 July 2015, 22:01:12
Subject: Re: [SQL] encrypt psql password in unix script

From: Xavier Stevens
Date: 08 July 2015, 22:08:25
Subject: Re: [SQL] encrypt psql password in unix script

Re: encrypt psql password in unix script - Mailing list pgsql-general

Previous

Next