| From: | Dave Page <dpage(at)postgresql(dot)org> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Tony Caduto <tony_caduto(at)amsoftwaredesign(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Password issue revisited |
| Date: | 2007-02-20 19:47:06 |
| Message-ID: | 45DB503A.3010303@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-general |
Magnus Hagander wrote:
> Dave Page wrote:
>> Magnus Hagander wrote:
>>
>>> Just to make things clear, this wouldn't be about another auth method.
>>> Windows has an API to store arbitrary passwords in a "secure way". At
>>> least it does in XP+, not sure if it was in 2000.
>> Would it really solve Tony's problem though? I'm not familiar with the
>> API you're thinking of, but do be useful to us it must be able to give
>> the unencrypted passwords back to us, and therefore anything else
>> pretending to be us.
>
> yeah, but it pops up a GUI notification for you. It's what IE uses to
> store things like passports. It's also used, IIRC, by the new RDP client
> that's available, and a few more.
> Did a quick check, and it's XP/2003 only. See
> http://msdn2.microsoft.com/en-us/library/aa302353.aspx.
That would break all the non-interactive apps that we recommend using
pgpass with to prevent storing passwords in even less secure places.
Regards, Dave.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Hammond | 2007-02-21 01:19:03 | should we have a separate page that clearly defines what a minor release is and why it's a good idea to keep up with them? |
| Previous Message | Magnus Hagander | 2007-02-20 19:33:00 | Re: Password issue revisited |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrej Ricnik-Bay | 2007-02-20 20:36:13 | Re: Syncing postgres data with Pocket PC |
| Previous Message | Magnus Hagander | 2007-02-20 19:33:00 | Re: Password issue revisited |