On 02/05/2013 10:44 AM, Scott Marlowe wrote:
>
> On Tue, Feb 5, 2013 at 10:15 AM, Shaun Thomas <sthomas@optionshouse.com> wrote:
>> Hey folks,
>>
>> We're wanting to implement a more secure password policy, and so have
>> considered switching to LDAP/Active Directory for passwords. Normally, this
>> would be fine, but for two things:
>>
>> 1. Tons of our devs use .pgpass files to connect everywhere.
>> 2. Several devs have root access to various environments.
>
> Stop. If you want secure setups you don't hand out root access to
> lots of people. Trying to then make it secure is like closing the
> barn door after the horse has left.
I think this is a naive response Scott although I must admit it was my
gut reaction as well. The reality is we shouldn't store a plain text
password. At a minimum it should be hashed. That part of the problem is
really on us, regardless if it is a bad idea to hand out root.
Now it is true that if they can't trust their devs with this problem,
those devs shouldn't have root but that is a business policy problem
whereas ours is an actual security issue.
Sincerely,
Joshua D. Drake
--
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC
@cmdpromptinc - 509-416-6579