How to secure pgpass file from unauthorized reading of passwords ? (WIndows)
Hello.
It seems that for all automated tasks (backup, autovacuum etc.) passwords should be provided by pgpass file.
But, anyone can read pgpass file....
How can I make it secure that nobody can read it, except programs for backup and autovacuum ?
Thanks,
Zlatko
On Wed, Oct 12, 2005 at 11:34:58AM +0200, Zlatko Mati? wrote:
Hello.
It seems that for all automated tasks (backup, autovacuum etc.) passwords should be provided by pgpass file.
But, anyone can read pgpass file....How can I make it secure that nobody can read it, except programs for backup and autovacuum ?
Err, normal filesystem permissions. Say mode 600 in UNIX.
If you're using UNIX you can allow ident auth via UNIX domain for the
backup user. That's very secure.
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
Show quoted text
Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
tool for doing 5% of the work and then sitting around waiting for someone
else to do the other 95% so you can sue them.
Hello.
It seems that for all automated tasks (backup, autovacuum
etc.) passwords should be provided by pgpass file.
But, anyone can read pgpass file....How can I make it secure that nobody can read it, except
programs for backup and autovacuum ?
Set filesystem permissions on the file.
The default is to allow only the user who owns the directory to read it (plus administrators of course). I'm not sure where you get the "anyone can read pgpass" from.
//Magnus
Import Notes
Resolved by subject fallback