[Engine-devel] Dropping encryption of database password

Eli Mesika emesika at redhat.com
Sun May 5 07:13:59 UTC 2013



----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Keith Robertson" <kroberts at redhat.com>
> Cc: "Juan Hernandez" <jhernand at redhat.com>, "engine-devel" <engine-devel at ovirt.org>, "pmatouse" <pmatouse at redhat.com>
> Sent: Wednesday, May 1, 2013 9:40:13 PM
> Subject: Re: [Engine-devel] Dropping encryption of database password
> 
> 
> 
> ----- Original Message -----
> > From: "Keith Robertson" <kroberts at redhat.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: "Josh Bressers" <bressers at redhat.com>, "Juan Hernandez"
> > <jhernand at redhat.com>, "engine-devel"
> > <engine-devel at ovirt.org>, "pmatouse" <pmatouse at redhat.com>, "Sandro
> > Bonazzola" <sbonazzo at redhat.com>
> > Sent: Wednesday, May 1, 2013 9:31:15 PM
> > Subject: Re: [Engine-devel] Dropping encryption of database password
> > 
> > On 05/01/2013 02:16 PM, Alon Bar-Lev wrote:
> > > Thank you.
> > > This is what I wrote in my initial post.
> > > The only users who should access this password are the ovirt user and
> > > the root user.
> > >
> > > Regards,
> > > Alon Bar-Lev.
> > >
> > Alon,
> > I agree with the desire to store the PW in plaintext and in a
> > non-obfuscated manner.  In this case, obfuscation really doesn't gain
> > anything.
> > 
> > I would suggest, however, that the migration to plaintext be coordinated
> > with a simultaneous patch to the Log Collector.  It does have a
> > dependency on the current architecture.
> > 
> > Keith
> > 
> 
> Hi,
> 
> As far as I know it reads the plain text from .pgpass; we need to modify it
> to search within the alternate format as well.

We are using the original .pgpass file, which is in 0600 mode (accessible only to root).
If the file does not have this mode, it is ignored by Postgres.
I see no security issue in that ...

Please see details in
http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html



> 
> Thanks,
> Alon
> 
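The permission rule cited in the reply above, as an added example that is not part of the original thread and is not oVirt or PostgreSQL code: a Python audit that applies the documented check (a password file with any group or world permission bit is ignored) and lists which connections a .pgpass file covers without exposing the passwords. The function names and the sample entry are constructed for illustration.

```python
import os
import stat
import tempfile

LAX_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group or world permission bit

def check_pgpass(path):
    """Return (usable, reason): a file with group/world access is ignored."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return False, "cannot stat: " + exc.strerror
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    mode = stat.S_IMODE(st.st_mode)
    if mode & LAX_BITS:
        return False, "mode %04o grants group/world access" % mode
    return True, "mode %04o" % mode

def split_fields(line):
    # Split one entry on unescaped ':'; a backslash escapes the next character.
    fields, cur, it = [], [], iter(line)
    for ch in it:
        if ch == "\\":
            cur.append(next(it, ""))
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    return fields + ["".join(cur)]

def list_entries(path):
    """Return (host, port, database, user) per entry; the password is dropped."""
    with open(path) as fh:
        lines = [l.rstrip("\n") for l in fh]
    rows = [split_fields(l) for l in lines if l and not l.startswith("#")]
    return [tuple(r[:4]) for r in rows if len(r) == 5]

def demo():
    """Constructed sample file, checked at mode 0644 and again at 0600."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, ".pgpass")
        with open(p, "w") as fh:
            fh.write("# constructed sample\nlocalhost:5432:engine:engine:s3cr\\:et\n")
        os.chmod(p, 0o644)
        lax = check_pgpass(p)
        os.chmod(p, 0o600)
        return lax, check_pgpass(p), list_entries(p)
```

Calling `demo()` returns the verdict for the 0644 file, the verdict for the 0600 file, and the entry list with the password field removed.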


