Re: pgAdmin III 1.6.2 sends plaintext password

From: "Andy Shellam (Mailing Lists)" <andy(dot)shellam-lists(at)mailnetwork(dot)co(dot)uk>
To: patrimith <paddysmith(at)gmail(dot)com>
Cc: pgadmin-support(at)postgresql(dot)org
Subject: Re: pgAdmin III 1.6.2 sends plaintext password
Date: 2007-02-15 21:39:55
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgadmin-support

patrimith wrote:
> Andy Shellam (Mailing Lists) wrote:
>> What is the value of "password_encryption" in your PostgreSQL server's
>> postgresql.conf file?
>> [root(at)byron ~]# cat /endeavour/dbstore/postgresql.conf|grep
>> 'password_encryption'
>> password_encryption = on
>> [root(at)byron ~]#
> That's the value in my PostgreSQL server's postgresql.conf.
> Are you saying that pgAdmin knows the password_encryption setting for the
> server?

I'm not sure, but I'd hazard a guess it's the underlying libpq library
that during the handshake works out which authentication scheme to use.
How was your user created? When you add a new login role, it stores the
encrypted password in the login profile:

VALID UNTIL 'infinity';

If the value of password_encryption was set to off when the user was
created, I'd guess it would create it with a plain-text password (not
100% sure.)

> I'd like to be able to connect using both plaintext and md5-encrypted
> passwords to the same server depending on the environment in which the
> client lives.

Create a different line in pg_hba.conf for each host environment
(network IP range), using the relevant "password" or "md5" keyword.


In response to

Browse pgadmin-support by date

  From Date Subject
Next Message Milen A. Radev 2007-02-15 21:59:21 Re: fe_sendsuth: no password supplied
Previous Message patrimith 2007-02-15 21:32:09 Re: pgAdmin III 1.6.2 sends plaintext password