Thanks for answering
Yes, you are right. This is a client-side file. However, our concern is
that we have to consider this practice as a security issue. We'd like to
ban this practice for our product which is, thus, wrapping PostgresQL
engine. Thus my questions
- is there any configuration that can be done on server side to prevent
the client side to use such file to read passwords ?
- is there any options that can be set in postgres libpq C library to
prevent the connection functions to search for password in files ?
Thanks
--
-----Original Message-----
From: Raymond O'Donnell [mailto:rod@iol.ie]
Sent: mercredi 31 mars 2010 19:00
To: Christophe Dore
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] prevent connection using pgpass.conf
On 31/03/2010 16:32, Christophe Dore wrote:
> Hi
>
> We are building a solution using some dedicated postgresql servers
(and
> dedicated C++ and Java apps). For security reasons, we'd like to
prevent
> users to connect (from our apps at least) to those servers with
> passwords stored in files such as pgpass.conf.
Unless I'm mistaken, my understanding is that pgpass files are stored on
client machines, not the server, so if the clients are connecting from
different machines this shouldn't be a problem in the first place.
Ray.
--
Raymond O'Donnell :: Galway :: Ireland
rod@iol.ie