Skip to content

pgstuff/encrypted_fdw_passwords

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
fdw_encrypt_password
fdw_encrypt_password
 
 
fdw_patches
fdw_patches
 
 
fdw_private_key
fdw_private_key
 
 
README
README
 
 

Repository files navigation

Replaces unencrypted passwords with encrypted passwords using an RSA key
pair.

A separate encryption script & key can produce encrypted passwords that
cannot be decrypted without the private key.  The private key is encoded
into the FDW's binary file.

After you patch your FDWs, using unencrypted passwords will no longer
work.  This patch uses the standard password field for storing the
encrypted password.  The existing password field must contain a much
longer encrypted password instead of a plain text one.



# Run:
mkdir ~/fdw_pass
cd ~/fdw_pass
git clone https://github.com/pgstuff/encrypted_fdw_passwords.git
cd encrypted_fdw_passwords/fdw_private_key
./fdw_new_key_pair.sh

# Run:
pg_config

# If pg_config is not found, run:
locate bin/pg_config
# And add it to your path with (adjust as necessary):
export PATH=/usr/pgsql-9.6/bin:$PATH

cd ~/fdw_pass
git clone git://git.postgresql.org/git/postgresql.git
cd postgresql
git checkout tags/REL9_6_0
./configure
# If configure fails, install the necessary packages.
make world
# make will take a while.
cd contrib/postgres_fdw
make clean
make
# If the make command works, then the patch is ready.
patch < ~/fdw_pass/encrypted_fdw_passwords/fdw_patches/postgres_fdw-REL9_6_0-rsa_password.patch
make clean
make
sudo make install
# If the install is not pointing in the correct location, you can copy
# the file postgres_fdw.so manually.
sudo cp -p /usr/local/pgsql/lib/postgres_fdw.so /usr/pgsql-9.6/lib/postgres_fdw.so

cd ~/fdw_pass/encrypted_fdw_passwords/fdw_encrypt_password
./fdw_encrypt.sh
# Enter the password.  The password will be echo'ed as you type.
# If you are confident about your copy and paste accuracy or typing
# skills and do not want the passwords displayed, add -s to the read
# command in the shell script.  Note that you may not get a friendly
# error if the password is incorrect.
# Paste the encrypted password into the FDW's password field.
# The output of the script can also be piped to a file.
# It is safe to distribute the two files in the fdw_encrypt_password
# directory so that anyone can produce encrypted passwords.
# The password cannot be decrypted using those files.



Other drivers:

Note: It is assumed that the your environment has already compiled these
FDWs before.  The dependencies of these FDWs, such as native clients,
are not covered here.

cd ~/fdw_pass
git clone https://github.com/tds-fdw/tds_fdw.git
cd tds_fdw
git checkout tags/v1.0.8
make
# Test the compile before applying the patch with this make command.
git apply ~/fdw_pass/encrypted_fdw_passwords/fdw_patches/tds_fdw-v1.0.8-rsa_password.patch
make clean
make
sudo PATH=$PATH make install

cd ~/fdw_pass
git clone https://github.com/laurenz/oracle_fdw.git
cd oracle_fdw
git checkout tags/ORACLE_FDW_1_5_0
make
# Test the compile before applying the patch with this make command.
git apply ~/fdw_pass/encrypted_fdw_passwords/fdw_patches/oracle_fdw-ORACLE_FDW_1_5_0-rsa_password.patch
make clean
make
sudo PATH=$PATH make install

cd ~/fdw_pass
git clone https://github.com/credativ/informix_fdw.git
cd informix_fdw
git checkout tags/REL0_4_0
make
# Test the compile before applying the patch with this make command.
git apply ~/fdw_pass/encrypted_fdw_passwords/fdw_patches/informix_fdw-REL0_4_0-rsa_password.patch
make clean
make
sudo PATH=$PATH make install

About

PostgreSQL encrypted FDW passwords

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages