Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.databases.postgresql > #828 > unrolled thread
| Started by | bjorn.d.jensen@gmail.com |
|---|---|
| First post | 2018-05-21 23:32 -0700 |
| Last post | 2018-05-23 08:53 -0700 |
| Articles | 4 — 3 participants |
Back to article view | Back to comp.databases.postgresql
create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); bjorn.d.jensen@gmail.com - 2018-05-21 23:32 -0700
Re: create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); Laurenz Albe <laurenz@nospam.pn> - 2018-05-22 11:27 +0000
Re: create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); mattheww@chiark.greenend.org.uk (Matthew Woodcraft) - 2018-05-22 18:07 +0100
Re: create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); bjorn.d.jensen@gmail.com - 2018-05-23 08:53 -0700
| From | bjorn.d.jensen@gmail.com |
|---|---|
| Date | 2018-05-21 23:32 -0700 |
| Subject | create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); |
| Message-ID | <eac5adca-47de-435b-acfb-871feabe7990@googlegroups.com> |
Hi! I have to manage PostgreSQL scripts, that will create objects (tables, views, functions etc), including foreign data wrapper. I have a shell script that will start execution of a couple of postgresql-script files creating these objects. One of the script files includes code like this: create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); I don't like the idea having the password in clear text as part of the script files stored in GIT repository accessbile by non-db-admins. How to avoid this? BR Bjorn
[toc] | [next] | [standalone]
| From | Laurenz Albe <laurenz@nospam.pn> |
|---|---|
| Date | 2018-05-22 11:27 +0000 |
| Message-ID | <pe0uqr$irt$1@dont-email.me> |
| In reply to | #828 |
On Mon, 21 May 2018 23:32:42 -0700, bjorn.d.jensen wrote: > I have to manage PostgreSQL scripts, that will create objects (tables, > views, functions etc), including foreign data wrapper. > > > I have a shell script that will start execution of a couple of > postgresql-script files creating these objects. > > One of the script files includes code like this: > > > create user mapping for user_in_postgredb server my_remote_ms_server > options (username 'domain\myuser', password 'keepsecret'); > > > I don't like the idea having the password in clear text as part of the > script files stored in GIT repository accessbile by non-db-admins. > > How to avoid this? The documentation is quite outspoken here: > Only superusers may connect to foreign servers without password > authentication, so always specify the password option for user mappings > belonging to non-superusers. You could use a connections as superuser and wrap the access to the foreign table in a SECURITY DEFINER function. Maybe it is a solution to keep CREATE USER MAPPING in a separate script that is not managed by Git.
[toc] | [prev] | [next] | [standalone]
| From | mattheww@chiark.greenend.org.uk (Matthew Woodcraft) |
|---|---|
| Date | 2018-05-22 18:07 +0100 |
| Message-ID | <fem*AorWw@news.chiark.greenend.org.uk> |
| In reply to | #828 |
In article <eac5adca-47de-435b-acfb-871feabe7990@googlegroups.com>, <bjorn.d.jensen@gmail.com> wrote: > I have to manage PostgreSQL scripts, that will create > objects (tables, views, functions etc), including > foreign data wrapper. > > > I have a shell script that will start execution of a couple > of postgresql-script files creating these objects. > > One of the script files includes code like this: > > > create user mapping for user_in_postgredb server my_remote_ms_server options (username 'domain\myuser', password 'keepsecret'); > > > I don't like the idea having the password in clear text as part of the script > files stored in GIT repository accessbile by non-db-admins. > > How to avoid this? The usual thing is to either: - put the password in some separate location outside git, and have the shell script retrieve it; or - encrypt the password stored in git, and have the shell script decrypt it You might consider one of these projects to help with the second approach: https://github.com/StackExchange/blackbox https://dotat.at/prog/regpg/ -M-
[toc] | [prev] | [next] | [standalone]
| From | bjorn.d.jensen@gmail.com |
|---|---|
| Date | 2018-05-23 08:53 -0700 |
| Message-ID | <c889d976-0b5d-4549-abfa-aaf476dfbc74@googlegroups.com> |
| In reply to | #830 |
any example you can share how the postgre-sql-file should look like that is called by shell script?
[toc] | [prev] | [standalone]
Back to top | Article view | comp.databases.postgresql
csiph-web