Re: PG_PWD and PG_PASSWORD Security
От | Peter Eisentraut |
---|---|
Тема | Re: PG_PWD and PG_PASSWORD Security |
Дата | |
Msg-id | Pine.LNX.4.30.0103012002540.760-100000@peter.localdomain обсуждение исходный текст |
Ответ на | PG_PWD and PG_PASSWORD Security ("Anthony Metzidis" <metzidis@mednet.ucla.edu>) |
Список | pgsql-general |
Anthony Metzidis writes: > Is there any way to keep postgres from saving the passwords in plain > text? No. > This seems to be a huge security hole. No, because the directory that contains these files shouldn't be world readable. The issue has been noted though, but no one has implemented a better solution yet. > I thought that passwords were to be saved in PG_SHADOW. What is > PG_SHADOW for anyway? Pg_shadow is the system catalog table that stores the user information, such as user name and password. The pg_pwd file is a plain text dump of pg_shadow, which is necessary because at the time the password is needed (during the connection attempt), the system can't read the pg_shadow table yet (because it's not connected yet, sort of). -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
В списке pgsql-general по дате отправления: