Re: I "might" have found a bug on 8.2.1 win32

> ------- Original Message -------
> From: Tony Caduto <tony_caduto(at)amsoftwaredesign(dot)com>
> To: Dave Page <dpage(at)postgresql(dot)org>
> Sent: 01/02/07, 21:18:49
> Subject: Re: [GENERAL] I "might" have found a bug on 8.2.1 win32
>
> I may be forced to start deleting the pgpass file unless we can work
> something out.

I must Be missing the point - why should I work something out with your app for using a documented feature of libpq in pgAdmin?

> I saw in the docs you can specify a alternate location for the pgpass
> file, why don't you guys use some other location so you are not
> impacting other
> apps? If a user goes into %APPDATA%\postgresql\pgpass.conf with the
> specific purpose of setting up a pgpass file so they don't have to enter
> a password that's a differnt story.

Because PGPASSFILE only appeared in 8.1 and we don't know if our libpq supports it at runtime.

> Not to mention that the whole pgpass thing is a huge security hole, it
> would be different if the passwords where encrypted or hashed, but they
> are just sitting there in plain text.

In an 0600 file on *nix, or in your profile on Windows, which if you were concerned with security would be secured as well.

> If you have a way to prevent my app from automatically using settings
> set by pgAdmin III, I am willing to listen.

To what? I'm not the one wanting to change anything! :-)

/D