Thread: How to secure pgpass file from unauthorized reading of passwords ? (Windows)

How to secure pgpass file from unauthorized reading of passwords ? (Windows)

From
Zlatko Matić
Date:
Hello.
 
It seems that for all automated tasks (backup, autovacuum etc.) passwords should be provided by pgpass file.
But, anyone can read pgpass file....
 
How can I make it secure that nobody can read it, except programs for backup and autovacuum ?
 
Thanks,
 
Zlatko

Re: How to secure pgpass file from unauthorized reading of passwords ? (Windows)

From
Martijn van Oosterhout
Date:
On Wed, Oct 12, 2005 at 11:34:58AM +0200, Zlatko Matić wrote:
> Hello.
>
> It seems that for all automated tasks (backup, autovacuum etc.) passwords should be provided by pgpass file.
> But, anyone can read pgpass file....
>
> How can I make it secure that nobody can read it, except programs for backup and autovacuum ?

Err, normal filesystem permissions. Say mode 600 in UNIX.

If you're using UNIX you can allow ident auth via UNIX domain for the
backup user. That's very secure.
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.

Re: How to secure pgpass file from unauthorized reading of passwords ? (Windows)

From
"Magnus Hagander"
Date:
> Hello.
>
> It seems that for all automated tasks (backup, autovacuum
> etc.) passwords should be provided by pgpass file.
> But, anyone can read pgpass file....
>
> How can I make it secure that nobody can read it, except
> programs for backup and autovacuum ?

Set filesystem permissions on the file.

The default is to allow only the user who owns the directory to read it (plus administrators of course). I'm not sure
where you get the "anyone can read pgpass" from.

//Magnus
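
One way to check the default described above on Windows, as an added example that is not part of the original thread: the script lists every principal other than the current user, SYSTEM and Administrators that holds an Allow entry on pgpass.conf, and rewrites the ACL only when $Fix is set. The %APPDATA%\postgresql\pgpass.conf location, the $Fix variable and the Get-UnexpectedAccess helper are assumptions of the example.

```powershell
# Added example: audit (and optionally tighten) the ACL on pgpass.conf.
# Assumptions: default Windows location %APPDATA%\postgresql\pgpass.conf, and
# the script runs as the account that owns the file and runs the backup job.
$Fix    = $false   # set to $true to rewrite the ACL after reviewing the report
$pgpass = Join-Path $env:APPDATA 'postgresql\pgpass.conf'
if (-not (Test-Path -LiteralPath $pgpass)) { throw "pgpass file not found: $pgpass" }

# Principals expected to keep access: current user, SYSTEM, Administrators.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$allowed = @($me, 'S-1-5-18', 'S-1-5-32-544')

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$AllowedSids)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($AllowedSids -contains $sid) { continue }
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }
        [pscustomobject]@{ Sid = $sid; Name = $name; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

$extra = @(Get-UnexpectedAccess -Path $pgpass -AllowedSids $allowed)
if ($extra.Count -eq 0) {
    Write-Output "OK: only the owner, SYSTEM and Administrators can access $pgpass"
} else {
    Write-Warning "Other principals can access ${pgpass}:"
    $extra | Format-Table -AutoSize
    if ($Fix) {
        # Grant the expected principals explicitly first, then drop inherited
        # ACEs and any explicit ACE for a principal that should not be listed.
        icacls $pgpass /grant:r "*${me}:(R,W)" '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
        icacls $pgpass /inheritance:r | Out-Null
        $extra | Select-Object -ExpandProperty Sid -Unique |
            ForEach-Object { icacls $pgpass /remove:g "*$_" | Out-Null }
        $left = @(Get-UnexpectedAccess -Path $pgpass -AllowedSids $allowed)
        Write-Output "Remaining unexpected entries: $($left.Count)"
    }
}
```

Run it once per account that has a pgpass.conf, since the file lives in each user's own profile.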