| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
| Cc: | Euler Taveira <euler(at)timbira(dot)com(dot)br>, firoz e v <firoz(dot)ev(at)huawei(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Storing the password in .pgpass file in an encrypted format |
| Date: | 2014-02-21 16:20:00 |
| Message-ID: | 20140221162000.GL4759@eldon.alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jeff Janes escribió:
> On Fri, Feb 21, 2014 at 7:04 AM, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>wrote:
> > If you were to have a mechanism by which
> > libpq can store an md5'd password (or whatever hash) and send that md5
> > to the server and have the server accept it to grant a connection, then
> > the md5 has, in effect, become the unencrypted password which others can
> > capture from the file, and you're back at square one.
>
> The string in .pgpass would be enough for people to log into postgresql,
> true. But it would not work to log onto other things which share the same
> clear-text password but don't share the same salting mechanism.
That's true. Patches welcome to improve that. Maybe we can define that
if the stored password string starts with $1$md5$ and has a just the
right length then it's a md5 hash rather than cleartext, or something
like that.
I do fear that people are going to look at the file and say "hey, it's
encrypted [sic] so it's secure! I can share the file with the world!".
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-02-21 16:25:47 | Re: Warning in pg_backup_archiver.c |
| Previous Message | Florian Pflug | 2014-02-21 16:16:48 | Re: SPI_connect on multi-threaded app |