On 01/31/2015 06:30 PM, Gordon Marx wrote:
> None of that matters.

Huh?

> Code goes in version control. Secrets that you want to keep secret don't.
> Therefore, you can't put secrets into your code.

Yes, that's why I brought up the question. We agree.

> Write the username and password into a configuration file,

That is my current approach.

> get the username and password from the environment, or use a non-password auth
> mechanism like an SSL certificate.

Even more non-standard, make up a new one every time the OS boots, set the postgres password then, too.

Because this is only used to communicate within the machine, no one else cares whether it changes. A file with narrow permissions is safer than trusting "localhost" restrictions.

-kb

_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
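
The per-boot password idea from the message above, sketched as an added example (not code from the thread or its author). It assumes the script runs at boot as an OS account that can reach PostgreSQL over local peer authentication and that ownership of the secret file is arranged so the application account can read it; the role name "appuser" and the path under /run are made up for illustration.

```python
import os
import secrets
import subprocess
import tempfile


def new_password(nbytes: int = 32) -> str:
    # URL-safe base64 alphabet only (A-Z a-z 0-9 - _), so the value can sit
    # inside a single-quoted SQL literal with no escaping.
    return secrets.token_urlsafe(nbytes)


def alter_role_sql(role: str, password: str) -> str:
    ident = '"' + role.replace('"', '""') + '"'  # quote the role identifier
    return f"ALTER ROLE {ident} WITH PASSWORD '{password}';\n"


def write_secret(path: str, password: str) -> None:
    # mkstemp creates the file with mode 0600 from the start, so the secret
    # is never readable by others; os.replace swaps it in atomically.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".secret-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(password + "\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def rotate(role: str, path: str) -> None:
    password = new_password()
    # SQL goes in on stdin, not argv, so the password never shows up in `ps`.
    subprocess.run(
        ["psql", "-X", "-q", "-v", "ON_ERROR_STOP=1", "-d", "postgres"],
        input=alter_role_sql(role, password), text=True, check=True,
    )
    write_secret(path, password)


if __name__ == "__main__":
    # Assumed names: role "appuser", secret file under /run (cleared at boot).
    rotate("appuser", "/run/appuser/pgpass")
```

If the server logs statements, the ALTER ROLE text including the new password can land in the PostgreSQL log, so that log needs the same narrow permissions as the secret file.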
