stackoom
  简体   繁体   中英

Security of postgresql pg.Pool connection pool credentials

 原文  2017-10-13 19:11:20       node.js/ database/ postgresql/ security

Question

How to securely store postgresql pg.Pool connection pool credentials in a node.js implementation? After setting config object to pass to pg.Pool it is stored unencrypted in the Pool object, which means it is visible in memory at all times.

Does pg.Pool have a callback mechanism whereby it could call your function to decrypt on the fly only when it needs the credentials, or somehow secure it somewhere else other than storing it in the pool object, with the goal of keeping it out of memory for extended amounts of time in an unencrypted state?

Please advise.

1 answers

solution1
 1 ACCPTED  2017-10-14 17:39:35

Does pg.Pool have a callback mechanism whereby it could call your function to decrypt on the fly only when it needs the credentials

No such thing, because the connection details are meant strictly for the server-side.

You can only decrypt the connection just before creating the Pool object. After that it will be kept internally by the object.

In a corporate environment, your database server should simply reside within DMZ.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Node.js: initiate pg.Pool() How to fetch from two databases in a single request in koajs using pg.pool Using Knex with own pg connection pool Share a database connection pool between sequelize and pg reusing postgresql connection pool in nodejs Connection pool using pg-promise What happens when Postgresql Connection Pool is exhausted? Mock postgres database connection(Pool, PoolClient, pg) using jest in typescript How to mock pg Pool with Sinon pg pool - whats right way to utilise pg pool with timeout functionality
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM