Commands like CREATE USER foo PASSWORD 'bar' transmit the password in
cleartext and possibly save the password in various client or server
log files. I have just fixed this for psql and createuser to encrypt
the password on the client side. A quick check of the pgadmin3 source
code shows that you are also affected by this issue. I ask you to
check where you paste cleartext passwords into SQL commands and change
those to encrypt the password before sending or storing it anywhere.
The required function pg_md5_encrypt() is contained in libpq.
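
An added illustration, not part of the original message and not code from psql, createuser or pgAdmin: what a client sends once the password is hashed before it is pasted into the SQL command. The helper names are hypothetical, and the sketch assumes the PostgreSQL MD5 password format ("md5" followed by the hex MD5 of the password concatenated with the user name) and UTF-8 encoding of both strings.

```python
import hashlib


def pg_md5_password(user: str, password: str) -> str:
    """Build an MD5 password string in the assumed PostgreSQL format.

    The user name acts as the salt, so the same password yields a
    different string for each role, and the string stops matching if
    the role is renamed.
    """
    digest = hashlib.md5((password + user).encode("utf-8")).hexdigest()
    return "md5" + digest  # 3 + 32 = 35 characters


def quote_ident(name: str) -> str:
    """Quote an SQL identifier, doubling any embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def create_user_sql(user: str, password: str) -> str:
    """Return a CREATE USER statement that carries only the hash.

    The hash is "md5" plus hex digits, so it needs no literal escaping.
    """
    hashed = pg_md5_password(user, password)
    return f"CREATE USER {quote_ident(user)} ENCRYPTED PASSWORD '{hashed}'"


if __name__ == "__main__":
    # Constructed sample values, taken from the example in the message.
    print("cleartext form:", "CREATE USER foo PASSWORD 'bar'")
    print("hashed form:   ", create_user_sql("foo", "bar"))
```

Anything that records the statement, such as a client history file or a server statement log, then holds the hashed string rather than the password the user typed.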