Skip site navigation (1) Skip section navigation (2)

Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text

From: "Joe Moyle" <jmoyle(at)paymetric(dot)com>
To: <pgadmin-support(at)postgresql(dot)org>
Subject: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text
Date: 2007-05-23 14:52:40
Message-ID: 8B1D2F832D92D84BB2C583614AAD7C09034D7CDD@pmmail02.paymetric.com (view raw or flat)
Thread:
Lists: pgadmin-support
I'm working on my first PostgreSQL project.  We are attempting a proof
of concept.  I'm using PGAdmin 3 v1.6.2 on a Windows XP Pro workstation.
I like the option to 'Save Password' because I'm generally lazy and
don't want to type in the password every time I log on.  

While doing some poking around I discovered that the passwords in the
pgpass.conf file are stored in plain text.  I consider this a bug.  

Being new to PGS and not fully understanding all the implications I set
up my database to use MD5 for password encryption.  So, I attempted to
replace the plain text password in pgpass.conf with the MD5 encrypted
one hoping that PGA3 would see the MD5 as the first few characters and
realize that it didn't have to encrypt the password before sending it to
the server.  No such luck.

I searched the Known Issues and didn't see this listed as a problem.  I
searched the TODO list and didn't see any mention of this problem.  I
realize that the work around is to simply not make use of the 'store
password' option but then I can't help but wonder why the 'store
password' option exists in the product.

Would the 'powers that be' list this as a bug and add it to the TODO
list?

Joe Moyle
Sr. DBA
Office (713) 895-2055
Fax (713) 895-2001
JMoyle(at)Paymetric(dot)com




Responses

pgadmin-support by date

Next:From: yoursoftDate: 2007-05-23 15:17:44
Subject: Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text
Previous:From: Luca FerrariDate: 2007-05-23 11:40:33
Subject: Re: pgAdmin III 1.6.3 for ubuntu feisty uploaded.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group