Thread: Encryption of .pgpass

Encryption of .pgpass

From
"Hiroshi Saito"
Date:
Dear Bruce san.

I may be quite persistent.:-)
I seasoned the proposal method. It was very painful that the
conventional connection method to this password was a plain text.
Although I am simple, I desire the support. Furthermore, the relation
between a field item and an environment variable is complicated.

ex.)
inetrt% pqpasswd -U postgres -d postgres
New Password:
Retype New Password:
Succeeded in creation.
inetrt% pqpasswd -U postgres -d postgres -l
/home/saito/.pgpass
hostname=localhost port=5432 dbname=postgres username=postgres password=**********
This 1th line is used.
inetrt% cat /home/saito/.pgpass
localhost:5432:postgres:postgres:postgres
inetrt% psql postgres postgres
Welcome to psql 8.2devel, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
postgres=#

inetrt% rm /home/saito/.pgpass
inetrt% pqpasswd -U postgres -d postgres -m
New Password:
Retype New Password:
Succeeded in creation.
inetrt% pqpasswd -U postgres -d postgres -m -l
/home/saito/.pgpass.md5
hostname=localhost port=5432 dbname=postgres username=postgres password=**********
This 1th line is used.
inetrt% cat /home/saito/.pgpass.md5
localhost:5432:postgres:postgres:md53175bce1d3201d16594cebf9d7eb3f9d
inetrt% psql postgres postgres
Welcome to psql 8.2devel, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
postgres=#

inetrt% rm /home/saito/.pgpass.md5
inetrt% psql postgres postgres
Password for user postgres:
Welcome to psql 8.2devel, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

I tried correspondence by sufix of md5 to .pgpass, in order to maintain compatibility.
I wish that it is fully reviewed. Thanks.

Regards,
Hiroshi Saito

Attachment

Re: Encryption of .pgpass

From
Tom Lane
Date:
"Hiroshi Saito" <z-saito@guitar.ocn.ne.jp> writes:
> I may be quite persistent.:-)
> I seasoned the proposal method. It was very painful that the
> conventional connection method to this password was a plain text.
> Although I am simple, I desire the support. Furthermore, the relation
> between a field item and an environment variable is complicated.

What is the point of this?  It seems to be complicating life to little
purpose (except storing passwords that will fail in non-MD5 password
methods --- given that people are talking about replacing MD5, that
doesn't seem like a good forward-looking idea).

            regards, tom lane

Re: Encryption of .pgpass

From
"Hiroshi Saito"
Date:
From: "Tom Lane" <tgl@sss.pgh.pa.us>

> What is the point of this?  It seems to be complicating life to little
> purpose (except storing passwords that will fail in non-MD5 password
> methods --- given that people are talking about replacing MD5, that
> doesn't seem like a good forward-looking idea).

Ahh, yes. It is "crypt" ,"ident" and "pam"...
I do not think that "passwd" should be used primarily.
Then, So, it is clear sufix of md5. It may be a narrower use.
However, I have simplified that it can use as a method of
hiding it. It is suggestion. Is it accepted by including "crypt"?

Thanks.

Regards,
Hiroshi Saito