guillermo arias wrote:
> Hello, i am using PostgreSQL 8.2 in a Windows XP pc. I know that this
> file PGPASS.CONF stores the users with password, but because this is a
> plain txt file, it is easy for "curious" people to read the contents.
> By other way, if i do not write the password there, my users will have
> to write it when trying to connect to the PostgreSQL, and it is not
> desirable when i have an application in Windows.
> I have to say that my WinXP pc has the C: partition with FAT32, and the
> J: partition is NTFS. The PostgreSQL engine and database are installed in J:
>
> My question is ¿how can i protect PGPASS.CONF? or if you have another
> idea for protecting the passwords i will be very thankfull to read it.
Use NTFS file permissions. If your XP is installed on C:, and you have
FAT32 on C:, you basically have zero security on your system anyway, so
there is not much point in protecting this one file - it'd be trivial to
get that and other data anyway.
Now, if XP is installed on != C:, you can redirect the user profile
directories to the NTFS drive and protect those (check google for help
on how) - but it really makes no sense if XP is on a FAT32 drive. If so,
your only real solution is to convert to NTFS and make sure you get the
proper security set on the files.
//Magnus