[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sql and auth-source

From: Jean Louis
Subject: Re: sql and auth-source
Date: Fri, 27 Nov 2020 10:10:35 +0300
User-agent: Mutt/2.0 (3d08634) (2020-11-07)

* Robert <> [2020-11-27 09:52]:
> The ideal solution will include:
> - no passwords in init.el

I do keep passwords in init.el as it is personal file.

I do not keep passwords in init.el on remote servers. Then I would
prefer entering them. If it is multi user server then what if
administrator or some other user with access rights or backdoor is
listening on tty to read what I am typing?

Change permissions:

  -rw-------    1  50K Nov 25 22:04 init.el

Use better umask limits and also change permission on /home/user
directory to be user readable only if user is "protected" then
/home/protected would be:

  drwx------ 244  92K Nov 27 09:22 protected

Database password is not the only thing that is private, there are
other more important or more private things in the user's directory.

Unless init.el is not published for demonstrations it can be used to
store passwords.

> - I connect to the database using sql-connect or sql-postgres
> - (usually PostgreSQL) when connecting, I choose an alias to the
> - database

> - I am only asked to enter a password in order to decrypt the
> - authinfo wallet file

Interesting, as I may use those methods for program I am developing
when it comes to be used by public.

For Unix domain sockets I use trust method in pg_hba.conf

# "local" is for Unix domain socket connections only
local   all             all                                     trust

For remote databases SSL security with usernames and passwords is

reply via email to

[Prev in Thread] Current Thread [Next in Thread]