Database Reference
In-Depth Information
Don't forget: Set the file permissions on the file, so that security is maintained.
The file permissions are not enforced on Windows, though the default location
is secure. On *nix systems, you must issue the following:
chmod 0600 ~/.pgpass
If you forget to do this, the PostgreSQL client will
ignore
the
.pgpass
ile
silently. So don't forget!
How it works...
Many people name the password file as
.pgpass
, whether or not they are on Windows, so
don't get confused if they do this.
The password file can contain multiple lines. Each line is matched against the requested
host:port:dbname:user
combination until we find a line that matches, and then we use
that password.
Each item can be a literal value or
*
a wildcard that matches anything. There is no support
for partial matching. With appropriate permissions, a user could potentially connect to any
database. Using the wildcard in the dbname and port fields makes sense, though is less
useful in other fields.
Here are a few examples:
F
myhost:5432:*:sriggs:moresecurepw
F
myhost:5432:perf:hannu:okpw
F
myhost:*:perf:gabriele:maggioresicurezza
There's more...
This looks like a good improvement if you have a small number of database servers. If you
have many different database servers, you may want to think about using a connection
service file instead, or perhaps even storing details on an LDAP server.
Using a connection service file
When the number of connection options gets too much, you may want to think about using
a connection service file.
The connection service file allows you to give a single name to a set of connection parameters.
This can be accessed centrally to avoid the need for individual users to know the host and
port of the database, and is more resistant to future change.
