Re: [PATCH] pgpassfile connection option
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: Julian Markwort <julian.markwort@uni-muenster.de>,
pgsql-hackers@postgresql.org
Date: 2016-09-22T15:15:45Z
Lists: pgsql-hackers
On 09/22/2016 10:44 AM, Julian Markwort wrote: > Hello psql-hackers! > > We thought it would be advantageous to be able to specify a 'custom' > pgpassfile within the connection string along the lines of the > existing parameters sslkey and sslcert. > > Which is exactly what this very compact patch does. > The patch is minimally invasive - when no pgpassfile attribute is > provided in the connection string, the regular pgpassfile is used. > The security-measures (which are limited to checking the permissions > for 0600) are kept, however we could loosen that restriciton to allow > group access as well along the lines of the ssl key file , if this is > preferred. (in case multiple users belonging to the same group would > like to connect using the same file). > > The patch applies cleanly to master and compiles and runs as expected > (as there are no critical alterations). > I've not written any documentation as of now, but I'll follow up > closely if there is any interest for this patch. > > notes: > - using ~ to denote the user's home directory in the path does not > work, however $HOME works (as this is translated by bash beforehand). > - the notation in the custom pgpassfile should follow the notation of > the 'default' pgpass files: > hostname:port:database:username:password > - this has only been tested on linux so far, however due to the > nature of the changes I suspect that there is nothing that could go > wrong in other environments, although I could test that as well, if > deemed necessary. I'm not necessarily opposed to this, but what is the advantage over the existing PGPASSFILE environment setting mechanism? cheers andrew
Commits
-
Allow password file name to be specified as a libpq connection parameter.
- ba005f193d88 10.0 landed