Hello. I have had complaints several times on lack of this kind of feature.
At Wed, 1 Aug 2018 17:33:39 +0200, Marco van Eck <marco.van...@gmail.com> wrote in <cae35ztpkvpe4xa7+jcgy+o5kl_9ftz-owpdrupxmvpu168p...@mail.gmail.com> > After explaining the patch to a college we identified potentially execution > of another user when it is defined in as a command parameter. To protect > agains it I've removed the possibility to pass the 'passcommand'. With the > result libpq only allows the PGPASSCOMMAND environment variable, which can > only be defined by the executing user, and will be executed by the same > user. It only reduces the need of unencrypted password's in a file. Myabe we don't need the new environment variable by just allowing .pgpass be a script. If we put faith in the security of .pgpass, this won't be a problem, putting aside what the script actually does. > I think this solution is secure enough, shall we solve this feature-request? > > > Regards, Marco > > On Tue, Jul 24, 2018 at 4:00 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > > Marco van Eck <marco.van...@gmail.com> writes: > > > Indeed having unencrypted password lying (.pgpass or PGPASSWORD or -W) > > > around is making my auditors unhappy, and forcing me to enter the > > password > > > over and over again. With a simple test it seems the password entered by > > > the user also stays in memory, since it is able to reset a broken > > > connection. Finding the password in memory is not trivial, but prevention > > > is always preferred. > > > > > It might be an idea to wipe the password after the login, and > > decrypt/read > > > it again if it needs to reconnect. Would this make the solution more > > > secure? I had a quick look at the code and the patch would stay compact. > > > Please let me know of doing this would make sense. > > > > We're basically not going to accept any added complication that's designed > > to prevent memory-inspection attacks, because in general that's a waste > > of effort. All you're doing is (slightly) reducing the attack window. > > > > regards, tom lane regards. -- Kyotaro Horiguchi NTT Open Source Software Center
