| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Shane Ambler <pgsql(at)007Marketing(dot)com>, Michael Schmidt <michaelmschmidt(at)msn(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Password issue revisited |
| Date: | 2007-02-20 15:05:07 |
| Message-ID: | 20070220150507.GD11927@svr2.hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-general |
Are we sure we want to do this? (Sorry, didn't notice this thread last
time)
The default on *all* windows versions since NT 4.0 (which is when the
directory we use was added) will put this file in a protected directory.
The only case when it's not protected by default is if you're usnig FAT
filesystem, in which case there is nothing you can do about it anyway.
On unix, the file will often be created in outside-readable mode by
default, depending on how your OS is set up.
So to reach a situation where the file lives in an unprotected
directory, you must actively open up the directory in question. Which is
hidden from default view, so you really need to know what you're doing to
get there.
Not to mention it's a pain to define what permissions are ok and what
are not. We're talking ACLs and not filemodes - so how do you decide
which accounts are ok to have access, and which are not?
//Magnus
On Tue, Feb 20, 2007 at 09:49:00AM -0500, Bruce Momjian wrote:
>
> Added to TODO for Win32:
>
> o Check .pgpass file permissions
>
> ---------------------------------------------------------------------------
>
> Shane Ambler wrote:
> > Michael Schmidt wrote:
> > > Fellow PostgreSQL fans,
> >
> > > 1. I don't see that this would pose a major security risk. In
> > > fact, in applications where the user enters the password for each
> > > session, the password need never be saved to disk, which seems a
> > > definite security advantage. Some folks have noted that .pgpass is
> > > a plain text file, hence it could be vulnerable.
> >
> > Yes it is a plain text file but if you want to use it then you need to
> > ensure the security is sufficient on the file or it won't be used.
> >
> > As per the manual -
> >
> > > The permissions on .pgpass must disallow any access to world or
> > group; > achieve this by the command chmod 0600 ~/.pgpass. If the
> > permissions
> > > are less strict than this, the file will be ignored. (The file
> > > permissions are not currently checked on Microsoft Windows, however.)
> >
> >
> > So this security feature should be something that gets added to the
> > windows version. But otherwise the security of the user's account that
> > has a .pgpass file is the decider on whether it is vulnerable.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-02-20 15:21:21 | Re: Password issue revisited |
| Previous Message | Bruce Momjian | 2007-02-20 14:49:00 | Re: Password issue revisited |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Harding | 2007-02-20 15:17:37 | Re: How would you handle updating an item and related stuff all at once? |
| Previous Message | Marek Lewczuk | 2007-02-20 14:55:59 | Warning "TupleDesc reference leak" |