[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sql and auth-source
|
From: |
Jean Louis |
|
Subject: |
Re: sql and auth-source |
|
Date: |
Fri, 27 Nov 2020 10:10:35 +0300 |
|
User-agent: |
Mutt/2.0 (3d08634) (2020-11-07) |
* Robert <rchar@protonmail.com> [2020-11-27 09:52]:
> The ideal solution will include:
> - no passwords in init.el
I do keep passwords in init.el as it is personal file.
I do not keep passwords in init.el on remote servers. Then I would
prefer entering them. If it is multi user server then what if
administrator or some other user with access rights or backdoor is
listening on tty to read what I am typing?
Change permissions:
-rw------- 1 50K Nov 25 22:04 init.el
Use better umask limits and also change permission on /home/user
directory to be user readable only if user is "protected" then
/home/protected would be:
drwx------ 244 92K Nov 27 09:22 protected
Database password is not the only thing that is private, there are
other more important or more private things in the user's directory.
Unless init.el is not published for demonstrations it can be used to
store passwords.
> - I connect to the database using sql-connect or sql-postgres
> - (usually PostgreSQL) when connecting, I choose an alias to the
> - database
> - I am only asked to enter a password in order to decrypt the
> - authinfo wallet file
Interesting, as I may use those methods for program I am developing
when it comes to be used by public.
For Unix domain sockets I use trust method in pg_hba.conf
# "local" is for Unix domain socket connections only
local all all trust
For remote databases SSL security with usernames and passwords is
necessary.