Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion
Дата
Msg-id CABUevEwfCuhOFrXr1kFzHh_v6Yk68zUWRbnQ=8VmYPf0Xqb8Pw@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion  (Michael Paquier <michael.paquier@gmail.com>)
Список pgsql-hackers
Дерево обсуждения


On Sun, Feb 19, 2017 at 1:43 PM, Michael Paquier <michael.paquier@gmail.com> wrote:
On Sun, Feb 19, 2017 at 8:03 PM, Magnus Hagander <magnus@hagander.net> wrote:
> If password auth is used, we have to store the password in plaintext
> equivalent somewhere. Meaning it's by definition going to be exposed to
> superusers and replication downstreams.

Another possibility is to mention the use of the new passfile
parameter for connection strings in the docs... This removes the need
to have plain passwords directly stored in the database. Not sure if
that's better though because that still mean that the password is
present in plain format somewhere.

That might definitely be a help, because it would be stored out of band. But it also comes with a caveat in that when it's stored outside, it's not included in replication (physical HA replication) so you need to maintain it across all nodes or Bad Things can happen.

And yes, whatever you do, if you want to the system to be able to automatically start/restart, you have to keep the password in cleartext equivalent *somewhere*. There's no way around that.

 
> Or are you suggesting a scheme
> whereby you have to enter all your subscription passwords in a prompt of
> some kind when starting the postmaster, to avoid it?

Thinking about that now we could have a connection string parameter
called for example password_command, that could be used for example
with gpg2 to get back a decrypted password value.


We could, but we don't really have a good way to interface with that. When the server is started with says systemd, how and where are you going to prompt the user for the gpg passphrase? It's not like there is a console available to pop the question up on.

It's the same basic issue as with password protected SSL certificates - which is why people end up deploying their servers with an unprotected key. For all services.
 

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Michael Paquier
Дата:
Сообщение: Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion
Следующее
От: Robert Haas
Дата:
Сообщение: Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion