| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Dave Page <dpage(at)postgresql(dot)org> |
| Cc: | Tony Caduto <tony_caduto(at)amsoftwaredesign(dot)com>, Pgsql-general(at)postgresql(dot)org |
| Subject: | Re: I "might" have found a bug on 8.2.1 win32 |
| Date: | 2007-02-01 23:11:56 |
| Message-ID: | 20070201231156.GB18987@svr2.hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Feb 01, 2007 at 09:53:26PM -0000, Dave Page wrote:
> > Not to mention that the whole pgpass thing is a huge security hole, it
> > would be different if the passwords where encrypted or hashed, but they
> > are just sitting there in plain text.
>
> In an 0600 file on *nix, or in your profile on Windows, which if you were concerned with security would be secured as well.
Not to mention it's secured by default, and you'd actually have to go
out of your way to make it *unsecure*.
(Yes, one common way to make it unsecure is to make every local user an
administrator is a comon way to break it, but if you do that you have so
many other ways ot hack that system it doesn' tmake a real difference)
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2007-02-01 23:15:45 | Re: I "might" have found a bug on 8.2.1 win32 |
| Previous Message | Scott Marlowe | 2007-02-01 23:11:44 | Re: Production systems beware: U.S. Daylight Savings Time comes at a new time this year |