From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: Re: sql and auth-source Date: Fri, 27 Nov 2020 10:10:35 +0300 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="18565"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0 (3d08634) (2020-11-07) Cc: "help-gnu-emacs@gnu.org" To: Robert Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Fri Nov 27 08:13:26 2020 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kiXwc-0004jj-0x for geh-help-gnu-emacs@m.gmane-mx.org; Fri, 27 Nov 2020 08:13:26 +0100 Original-Received: from localhost ([::1]:47970 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kiXwb-0007Uz-1z for geh-help-gnu-emacs@m.gmane-mx.org; Fri, 27 Nov 2020 02:13:25 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:54388) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kiXwA-0007Th-Do for help-gnu-emacs@gnu.org; Fri, 27 Nov 2020 02:12:58 -0500 Original-Received: from static.rcdrun.com ([95.85.24.50]:58069) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kiXw8-0005cT-IX for help-gnu-emacs@gnu.org; Fri, 27 Nov 2020 02:12:58 -0500 Original-Received: from localhost ([::ffff:41.202.241.56]) (AUTH: PLAIN admin, TLS: TLS1.2,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by static.rcdrun.com with ESMTPSA id 00000000002C000E.000000005FC0A6F6.00005BFE; Fri, 27 Nov 2020 07:12:53 +0000 Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=95.85.24.50; envelope-from=bugs@gnu.support; helo=static.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:125640 Archived-At: * Robert [2020-11-27 09:52]: > The ideal solution will include: > - no passwords in init.el I do keep passwords in init.el as it is personal file. I do not keep passwords in init.el on remote servers. Then I would prefer entering them. If it is multi user server then what if administrator or some other user with access rights or backdoor is listening on tty to read what I am typing? Change permissions: -rw------- 1 50K Nov 25 22:04 init.el Use better umask limits and also change permission on /home/user directory to be user readable only if user is "protected" then /home/protected would be: drwx------ 244 92K Nov 27 09:22 protected Database password is not the only thing that is private, there are other more important or more private things in the user's directory. Unless init.el is not published for demonstrations it can be used to store passwords. > - I connect to the database using sql-connect or sql-postgres > - (usually PostgreSQL) when connecting, I choose an alias to the > - database > - I am only asked to enter a password in order to decrypt the > - authinfo wallet file Interesting, as I may use those methods for program I am developing when it comes to be used by public. For Unix domain sockets I use trust method in pg_hba.conf # "local" is for Unix domain socket connections only local all all trust For remote databases SSL security with usernames and passwords is necessary.