
how to avoid clear text passwords for connections to PostgreSQL db


anj patnaik

Sep 25, 2015, 3:03:34 PM
Hello all,
I am using Pgtcl to connect to a PostgreSQL db. Right now, passwords are in Tcl scripts/code files.

I am looking for means to avoid clear text passwords in code/scripts. Are there any mechanisms in Tcl/Pgtcl that you know/used to avoid clear text passwords?

I know Oracle has a "wallet" mechanism. Is there any mechanism in Pgtcl and Postgres that works well for this kind of purpose?

Thanks a lot!

Rich

Sep 25, 2015, 3:19:27 PM
Read the documentation for pgtcl.

Specifically the part about "sslmode".

Robert Heller

Sep 25, 2015, 4:15:07 PM
That may not be what the OP needs. I expect that only protects the passwords
in 'transit', but the code/scripts themselves would still have the passwords
in clear text.


--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
hel...@deepsoft.com -- Webhosting Services

Robert Heller

Sep 25, 2015, 4:15:07 PM
PostgreSQL has a way to map UNIX usernames to PostgreSQL users. If you use
this mechanism and then run your scripts as the proper 'user', you don't need
to specify usernames or passwords in the code/scripts.

>
> Thanks a lot!

M. Strobel

Sep 26, 2015, 4:23:40 AM
You can define your database parameters (host, user, sslmode, ..., not password) in
the file ~/.pg_service.conf, which saves you editing the code or programming your own
config file.

Additionally you can put passwords in ~/.pgpass, which might indeed be safer than in
the code.

Read the pg docs about it, it is well described, but somewhat hidden (search for the
file names)

These nice features depend of course on the usage of the pg client lib (which is the
case in Tcl).

I had this working even for a web server, by putting these files into the web server
home dir.

/Str.
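
The two files named in the last reply, set up and checked from the shell. This is an added example, not code from any poster in the thread; the function names and the sample host, database and user values are constructed for illustration. libpq ignores a password file that group or others can access, so the audit function checks for that.

```shell
#!/bin/sh
# Added example: helpers for ~/.pgpass and ~/.pg_service.conf.
# Function names and all sample values are hypothetical.

# Escape ':' and '\' as the .pgpass format requires.
pgpass_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g'
}

# pgpass_add FILE HOST PORT DB USER PASSWORD
# Appends one hostname:port:database:username:password line, owner-only.
pgpass_add() {
    ( umask 077
      printf '%s:%s:%s:%s:%s\n' \
          "$(pgpass_escape "$2")" "$(pgpass_escape "$3")" \
          "$(pgpass_escape "$4")" "$(pgpass_escape "$5")" \
          "$(pgpass_escape "$6")" >> "$1" )
    chmod 600 "$1"
}

# pgservice_add FILE SERVICE HOST PORT DB USER SSLMODE
# Writes a [service] section; it deliberately carries no password.
pgservice_add() {
    ( umask 077
      printf '[%s]\nhost=%s\nport=%s\ndbname=%s\nuser=%s\nsslmode=%s\n\n' \
          "$2" "$3" "$4" "$5" "$6" "$7" >> "$1" )
}

# pgpass_audit FILE -> 0 if the file is usable by libpq, 1 otherwise.
pgpass_audit() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)      # group and other permission bits
    [ "$perms" = "------" ] || { echo "too permissive: $1" >&2; return 1; }
    # Every non-comment, non-empty line needs five colon-separated fields.
    if grep -v '^#' "$1" | grep -v '^$' | grep -qv ':.*:.*:.*:'; then
        echo "malformed line in $1" >&2; return 1
    fi
    return 0
}

# Typical use (sample values):
#   pgservice_add ~/.pg_service.conf appdb db.example.internal 5432 appdb app_rw require
#   pgpass_add    ~/.pgpass db.example.internal 5432 appdb app_rw "$SECRET"
#   pgpass_audit  ~/.pgpass
# A Pgtcl script then connects without any credentials in its source:
#   set conn [pg_connect -conninfo "service=appdb"]
```

The password still sits in clear text in ~/.pgpass; what changes is that it lives in one owner-only file instead of in every script.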