From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | Dhiraj Chawla <dhiraj(dot)chawla(at)enterprisedb(dot)com> |
Cc: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, dlo(at)isam(dot)kiwi, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: Re: [BUGS] BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password |
Date: | 2014-05-28 11:47:52 |
Message-ID: | CA+OCxoyh3jVNxiioiumiDjoF2ef1rJ4gzkrC3w45mZhFNRZ_mg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-hackers pgsql-bugs |
Thanks - patch applied.
On Thu, May 22, 2014 at 6:17 AM, Dhiraj Chawla <
dhiraj(dot)chawla(at)enterprisedb(dot)com> wrote:
> Hi Akshay,
>
> I have reviewed the patch and tested it as well on the Linux platform. The
> patch looks good to me. It is working as expected.
>
> regards,
>
> *Dhiraj Chawla*
> Senior Software Engineer
> EnterpriseDB Corporation
> The Enterprise PostgreSQL Company
>
> Phone: +91-20-30589522
>
>
> On Tue, May 20, 2014 at 5:58 PM, Dhiraj Chawla <
> dhiraj(dot)chawla(at)enterprisedb(dot)com> wrote:
>
>> Sure Dave. I will review the patch and update accordingly.
>>
>> regards,
>>
>> *Dhiraj Chawla*
>> Senior Software Engineer
>> EnterpriseDB Corporation
>> The Enterprise PostgreSQL Company
>>
>> Phone: +91-20-30589522
>>
>>
>> On Fri, May 16, 2014 at 1:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>
>>> Thanks Akshay. Dhiraj, can you review please? I'm a little busy right
>>> now.
>>>
>>> Thanks.
>>>
>>>
>>> On Thu, May 15, 2014 at 7:39 AM, Akshay Joshi <
>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>
>>>> Hi Dave
>>>>
>>>> I have fixed the escaping issue and tested it. It works fine for me.
>>>> Attached is the patch file, can you please review it.
>>>> If code looks good to you, can you please commit the code.
>>>>
>>>>
>>>> On Thu, May 8, 2014 at 2:34 PM, Akshay Joshi <
>>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Sure.
>>>>>
>>>>>
>>>>> On Thu, May 8, 2014 at 1:37 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>>>
>>>>>> Akshay, can you look into the quoting problem please.
>>>>>>
>>>>>> On Thu, May 8, 2014 at 1:07 AM, Stephen Frost <sfrost(at)snowman(dot)net>
>>>>>> wrote:
>>>>>> > * Heikki Linnakangas (hlinnakangas(at)vmware(dot)com) wrote:
>>>>>> >> (forwarding to pgadmin-hackers)
>>>>>> >
>>>>>> > Ah.
>>>>>> >
>>>>>> >> On 05/07/2014 06:44 PM, Stephen Frost wrote:
>>>>>> >> >* dlo(at)isam(dot)kiwi (dlo(at)isam(dot)kiwi) wrote:
>>>>>> >> >>but when the credential contains the delimiter (colon) it fails
>>>>>> to be
>>>>>> >> >>read back out and app responds with "invalid credentials".
>>>>>> >> >>
>>>>>> >> >>x.x.x.x:5432:*:username:password:with:colons
>>>>>> >> >
>>>>>> >> >Per the fine documentation, you need to escape any such usage
>>>>>> with a
>>>>>> >> >backslash. Please review:
>>>>>> >>
>>>>>> >> Stephen, you missed the context. pgadmin3 saves .pgpass, when you
>>>>>> >> check the "store password" checkbox in the connection dialog. And
>>>>>> >> apparantly pgadmin3 doesn't do that escaping properly.
>>>>>> >
>>>>>> > Wow, that's pretty rough. Hopefully they'll be able to fix it
>>>>>> soon. :)
>>>>>> >
>>>>>> > Thanks,
>>>>>> >
>>>>>> > Stephen
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Dave Page
>>>>>> Blog: http://pgsnake.blogspot.com
>>>>>> Twitter: @pgsnake
>>>>>>
>>>>>> EnterpriseDB UK: http://www.enterprisedb.com
>>>>>> The Enterprise PostgreSQL Company
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Akshay Joshi*
>>>>> *Principal Software Engineer *
>>>>>
>>>>>
>>>>>
>>>>> *Phone: +91 20-3058-9517 <%2B91%2020-3058-9517> Mobile: +91
>>>>> 976-788-8246 <%2B91%20976-788-8246>*
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Akshay Joshi*
>>>> *Principal Software Engineer *
>>>>
>>>>
>>>>
>>>> *Phone: +91 20-3058-9517 <%2B91%2020-3058-9517> Mobile: +91
>>>> 976-788-8246 <%2B91%20976-788-8246>*
>>>>
>>>
>>>
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EnterpriseDB UK: http://www.enterprisedb.com
>>> The Enterprise PostgreSQL Company
>>>
>>
>>
>
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2014-05-28 11:49:31 | pgAdmin III commit: Fix a potential crash in the debugger. |
Previous Message | Dave Page | 2014-05-28 11:45:55 | pgAdmin III commit: Fix escape handling in pgpass files. |
From | Date | Subject | |
---|---|---|---|
Next Message | Artiom Makarov | 2014-05-28 12:04:32 | pl/pgsql incorrect syntax checking on select .... into ... ? |
Previous Message | yosxpe23 | 2014-05-28 09:47:42 | Re: BUG #8470: 9.3 locking/subtransaction performance regression |