PostgreSQL Backup Script

Dear all,

I am stuck with database backup.
While using pg_dump the utility asks for password but since I require
this process to be automated the password prompt is giving me
headaches
is their any way by which can pass the password automatically.
Like setting up a variable in php which passes the password to the
pg_dump utility on prompt this way the whole process of pg_dump would
get automated.
One obvious solution was to use .pgpass but it does not appeal me
because it is again a security threat.
any pointers or help may lead to unlocked secret.

--
With Best Regards,
Vishal Kashyap.
Lead Software Developer,
http://saihertz.com,
http://vishalkashyap.tk

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo@postgresql.org)

Re: PostgreSQL Backup Script

> One obvious solution was to use .pgpass but it does not appeal me
> because it is again a security threat.
> any pointers or help may lead to unlocked secret.

..pgpass is the only way to do it that is NOT a security threat.

You can set PGUSER and PGPASSWORD environmental variables, but they are
easily readable from other processes.

I suggest allowing the 'postgres' user to connect with 'ident sameuser'
in pg_hba.conf from the localhost only, then always just run pg_dump as
'postgres'.

Chris

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq

Re: PostgreSQL Backup Script

vishalonlist@gmail.com ("Vishal Kashyap @ [SaiHertz]") wrote:
> I am stuck with database backup.
> While using pg_dump the utility asks for password but since I require
> this process to be automated the password prompt is giving me
> headaches
> is their any way by which can pass the password automatically.
> Like setting up a variable in php which passes the password to the
> pg_dump utility on prompt this way the whole process of pg_dump would
> get automated.
> One obvious solution was to use .pgpass but it does not appeal me
> because it is again a security threat.
> any pointers or help may lead to unlocked secret.

You seem to be imagining that there can exist a way of storing some
form of a password in a fashion that allows automating these sorts of
things that _doesn't_ present an identical security threat to that
involved with .pgpass

It may take a bit of thinking about the problem to disabuse oneself of
such fantasies...
--
(reverse (concatenate 'string "gro.mca" "@" "enworbbc"))
http://linuxfinances.info/info/security.html
Rules of the Evil Overlord #125. "Should I actually decide to kill the
hero in an elaborate escape-proof deathtrap room (water filling up,
sand pouring down, walls converging, etc.) I will not leave him alone
five-to-ten minutes prior to "imminent" death, but will instead
(finding a vantage point or monitoring camera) stick around and enjoy
watching my adversary's demise."

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

Re: PostgreSQL Backup Script

> I suggest allowing the 'postgres' user to connect with 'ident sameuser'
> in pg_hba.conf from the localhost only, then always just run pg_dump as
> 'postgres'.

That means

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
host localhost 255.255.255.255
ident sameuser

only will NOT be asked for password when it does
pg_dump -U
when logged in to its shell account with
and If I run a crontab with user the above lines again stands true.


What you say ?

--
With Best Regards,
Vishal Kashyap.
Lead Software Developer,
http://saihertz.com,
http://vishalkashyap.tk

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo@postgresql.org)

Re: PostgreSQL Backup Script

On Fri, Apr 01, 2005 at 11:18:13 +0530,
"Vishal Kashyap @ [SaiHertz]" wrote:
> > I suggest allowing the 'postgres' user to connect with 'ident sameuser'
> > in pg_hba.conf from the localhost only, then always just run pg_dump as
> > 'postgres'.
>
> That means
>
> # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
> host localhost 255.255.255.255
> ident sameuser
>
> only will NOT be asked for password when it does
> pg_dump -U
> when logged in to its shell account with
> and If I run a crontab with user the above lines again stands true.
>
>
> What you say ?

Don't do this as a host entry if your OS supports domain sockets with
getpeerid. Use a 'local' entry. That way you don't need to run an ident
server.

You also have the option to set up custom map entries so that the OS user
is not the same as the DB user.

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster