Re: Storing the password in .pgpass file in an encrypted format

Hi,

On 21/02/14 11:15, Alvaro Herrera wrote:
> Maybe you can memfrob() the password to encrypt it before writing, and
> then memfrob() it back before applying it.  Would that be secure?

From `man memfrob`:
Note that this function is not a proper encryption routine as the XORconstant is fixed, and is only suitable for hiding
strings.

No, it is not secure. And I agree, encrypting .pgpass doesn't make
sense. Either you have a known key and then encryption is useless or
you have to provide a key at runtime and then .pgpass is useless.

Best regards,

-- Christian Kruse               http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services