Re: [PATCH] pgpassfile connection option

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] pgpassfile connection option
Date: 2016-09-22 15:15:45
Message-ID: 8ef9fd7d-f1bd-b78b-6df9-fc11b4c56539@dunslane.net
Lists: pgsql-hackers

On 09/22/2016 10:44 AM, Julian Markwort wrote:
> Hello psql-hackers!
>
> We thought it would be advantageous to be able to specify a 'custom'
> pgpassfile within the connection string along the lines of the
> existing parameters sslkey and sslcert.
>
> Which is exactly what this very compact patch does.
> The patch is minimally invasive - when no pgpassfile attribute is
> provided in the connection string, the regular pgpassfile is used.
> The security-measures (which are limited to checking the permissions
> for 0600) are kept, however we could loosen that restriction to allow
> group access as well along the lines of the ssl key file, if this is
> preferred. (in case multiple users belonging to the same group would
> like to connect using the same file).
>
> The patch applies cleanly to master and compiles and runs as expected
> (as there are no critical alterations).
> I've not written any documentation as of now, but I'll follow up
> closely if there is any interest for this patch.
>
> notes:
> - using ~ to denote the user's home directory in the path does not
> work, however $HOME works (as this is translated by bash beforehand).
> - the notation in the custom pgpassfile should follow the notation of
> the 'default' pgpass files:
> hostname:port:database:username:password
> - this has only been tested on linux so far, however due to the
> nature of the changes I suspect that there is nothing that could go
> wrong in other environments, although I could test that as well, if
> deemed necessary.

I'm not necessarily opposed to this, but what is the advantage over the
existing PGPASSFILE environment setting mechanism?

cheers

andrew
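
The permission rule discussed in the quoted message, as an added example that is not part of the thread, the patch, or libpq: the strict 0600 check next to one possible reading of the proposed loosening. The function names are hypothetical, and "group access" is assumed here to mean group read only.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Strict rule kept by the patch: no group or other bits (0600 or tighter). */
int mode_ok_strict(mode_t m) { return (m & (S_IRWXG | S_IRWXO)) == 0; }

/* Loosening floated in the thread, assumed here to mean "group may read":
 * group write/execute and every "other" bit still disqualify the file. */
int mode_ok_group_read(mode_t m) { return (m & (S_IWGRP | S_IXGRP | S_IRWXO)) == 0; }

/* Open first, then fstat() the descriptor, so the file that was checked is
 * the file that gets read. Returns an fd, or -1 if the file is missing,
 * not a regular file, or too permissive for the chosen policy. */
int open_passfile(const char *path, int allow_group_read)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);  /* O_NONBLOCK: never hang on a FIFO */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (allow_group_read ? mode_ok_group_read(st.st_mode)
                          : mode_ok_strict(st.st_mode)))
        return fd;
    close(fd);
    return -1;
}

/* Usage: ./a.out FILE...   reports the verdict of both policies per file. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int strict = open_passfile(argv[i], 0);
        int group = open_passfile(argv[i], 1);
        printf("%s: strict=%s group-read=%s\n", argv[i],
               strict >= 0 ? "accept" : "reject", group >= 0 ? "accept" : "reject");
        if (strict >= 0) close(strict);
        if (group >= 0) close(group);
    }
    return 0;
}
```

With the loosened rule, every member of the file's group can read the stored passwords, so the group itself becomes part of the trust boundary.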
