| From: | Christian Kruse <christian(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | firoz e v <firoz(dot)ev(at)huawei(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Storing the password in .pgpass file in an encrypted format |
| Date: | 2014-02-21 14:28:52 |
| Message-ID: | 20140221142851.GA16533@defunct.ch |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 21/02/14 11:15, Alvaro Herrera wrote:
> Maybe you can memfrob() the password to encrypt it before writing, and
> then memfrob() it back before applying it. Would that be secure?
From `man memfrob`:
Note that this function is not a proper encryption routine as the XOR
constant is fixed, and is only suitable for hiding strings.
No, it is not secure. And I agree, encrypting .pgpass doesn't make
sense. Either you have a known key and then encryption is useless or
you have to provide a key at runtime and then .pgpass is useless.
Best regards,
--
Christian Kruse http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Euler Taveira | 2014-02-21 14:50:03 | Re: Storing the password in .pgpass file in an encrypted format |
| Previous Message | Alvaro Herrera | 2014-02-21 14:15:11 | Re: Storing the password in .pgpass file in an encrypted format |