Joe Moyle wrote:
>> Joe Moyle wrote:
>>> While doing some poking around I discovered that the passwords in
>>> pgpass.conf file are stored in plain text. I consider this a bug.
>>> Would the 'powers that be' list this as a bug and add it to the TODO
>> This is how PostgreSQL's libpq requires the file to be formatted.
>> Regards, Dave.
> First let me say that I'm not a programmer (wanna-be at best) so I'm
> asking forgiveness in advance if I use the wrong nomenclature or fail to
> communicate what I'm thinking in terms that interested parties can
> easily understand.
> I'm looking at the documentation for the libpq method called
> PQconnectdb. I see that it requires user and password in a scenario
> like I've got my server set up. I still think that PGA3 storing the
> password in plain text is a bug. Wouldn't it be better if it stored it
> encrypted using an encryption algorithm that can be unencrypted so that
> it could be unencrypted and then sent to libpq in plain text?
> When trying to answer this question for myself I thought that it might
> be pointless because some key would be required for unencrypting. I
> then thought that if I had to type in the key every time it would blow
> my lazy desire to type less out of the water. Upon further reflection I
> thought that it would still be better since I would only have to
> remember one key instead of the various username/password combinations.
> I can't help but feel I'm missing something obvious here but am just too
> ignorant to know it. I'll continue reading the libpq documentation and
> thinking about it.
pgAdmin only ever writes the file, libpq does the reading so we have to
write it in the format it dictates. See
pgAdmin 1.8 does also warn you about the possible consequences of having
an unsecured pgpass file.
In response to
pgadmin-support by date
|Next:||From: Guillaume Lelarge||Date: 2007-05-23 16:58:27|
|Subject: Re: Server order|
|Previous:||From: Joe Moyle||Date: 2007-05-23 16:02:21|
|Subject: Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text|