Quick Links

Re: password is no required, authentication is overridden

From:	Andrew Dunstan <andrew(at)dunslane(dot)net>
To:	Thomas Bley <thbley(at)gmail(dot)com>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: password is no required, authentication is overridden
Date:	2006-07-18 21:41:53
Message-ID:	44BD55A1.90703@dunslane.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Thomas Bley wrote:

>
>
> + The .pgpass file will be automatically created if you're using
> pgAdmin III with "store password" being enabled in the connection
> settings.
>

It strikes me that this is actually a bad thing for pgadmin3 to be
doing. It should use its own file, not the deafult location, at least if
the libpq version is >= 8.1. We provided the PGPASSFILE environment
setting just so programs like this could use alternative locations for
the pgpass file. Otherwise, it seems to me we are violating the POLS, as
in the case of this user who not unnaturally thought he had found a
major security hole.

cheers

andrew

In response to

Re: password is no required, authentication is overridden at 2006-07-18 21:25:52 from Thomas Bley

Responses

Re: password is no required, authentication is overridden at 2006-07-18 21:54:44 from Thomas Bley
Re: password is no required, authentication is overridden at 2006-07-19 00:33:24 from Hiroshi Saito
Re: password is no required, authentication is overridden at 2006-07-19 12:35:42 from Andreas Pflug

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Thomas Bley	2006-07-18 21:54:44	Re: password is no required, authentication is overridden
Previous Message	Thomas Bley	2006-07-18 21:39:20	Re: [PATCHES] 8.2 features?