Re: [PATCH] pgpassfile connection option
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Julian Markwort <julian.markwort@uni-muenster.de>, Andrew Dunstan <andrew@dunslane.net>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2016-11-20T00:04:05Z
Lists: pgsql-hackers
All, * Robert Haas (robertmhaas@gmail.com) wrote: > You could do something like that, I guess, but I think it might be a > good idea to wait and see if anyone else has opinions on (1) the > desirability of the basic feature, (2) the severity of the security > hazard it creates, and (3) your proposed remediation method. [...] > Hey, everybody: chime in here... The feature strikes me as pretty reasonable to have and the pghoard example shows that it can be quite handy in some circumstances. I don't see much merit behind the security concern raised- the file in question would have to have the correct format and you would have to be connecting to a system listed in that file for any disclosure to happen, no? As such, I don't know that any remediation is necessary for this. Thanks! Stephen
Commits
-
Allow password file name to be specified as a libpq connection parameter.
- ba005f193d88 10.0 landed