Обсуждение: security on user for replication
We use replication with publication/subsctription. It´s ok, works fine.
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
But if I go to my replica server and do select * from pg_subscription
on field subconninfo I have all properties to connect. host, port, user, password and dbname, all these info are available.
Documentation says user for replication is equivalent to a superuser and must have the login attribute. If this user has all this power and using that select on replica all that info is available ...
How can I hide that info from users which are connected to my replica server or
If it´s possible to have a replication user with not superuser rights or with NoLogin
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
Am 11.11.19 um 14:26 schrieb PegoraroF10: > How can I hide that info from users which are connected to my replica > server you can use a .pgpass - file, see the documentation. Regards, Andreas -- 2ndQuadrant - The PostgreSQL Support Company. www.2ndQuadrant.com
## PegoraroF10 (marcos@f10.com.br): > How can I hide that info from users which are connected to my replica server https://www.postgresql.org/docs/current/catalog-pg-subscription.html Access to the column subconninfo is revoked from normal users, because it could contain plain-text passwords. Else: SSL certificates, pgpass file, or rig up some kerberos (that's not that elegant in this case). Regards, Christoph -- Spare Space.