Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text

From: "Joe Moyle" <jmoyle(at)paymetric(dot)com>
To: <pgadmin-support(at)postgresql(dot)org>
Subject: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text
Date: 2007-05-23 14:52:40
Message-ID: 8B1D2F832D92D84BB2C583614AAD7C09034D7CDD@pmmail02.paymetric.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgadmin-support

I'm working on my first PostgreSQL project. We are attempting a proof
of concept. I'm using PGAdmin 3 v1.6.2 on a Windows XP Pro workstation.
I like the option to 'Save Password' because I'm generally lazy and
don't want to type in the password every time I log on.

While doing some poking around I discovered that the passwords in the
pgpass.conf file are stored in plain text. I consider this a bug.

Being new to PGS and not fully understanding all the implications I set
up my database to use MD5 for password encryption. So, I attempted to
replace the plain text password in pgpass.conf with the MD5 encrypted
one hoping that PGA3 would see the MD5 as the first few characters and
realize that it didn't have to encrypt the password before sending it to
the server. No such luck.

I searched the Known Issues and didn't see this listed as a problem. I
searched the TODO list and didn't see any mention of this problem. I
realize that the work around is to simply not make use of the 'store
password' option but then I can't help but wonder why the 'store
password' option exists in the product.

Would the 'powers that be' list this as a bug and add it to the TODO
list?

Joe Moyle
Sr. DBA
Office (713) 895-2055
Fax (713) 895-2001
JMoyle(at)Paymetric(dot)com

Responses

Browse pgadmin-support by date

  From Date Subject
Next Message yoursoft 2007-05-23 15:17:44 Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text
Previous Message Luca Ferrari 2007-05-23 11:40:33 Re: pgAdmin III 1.6.3 for ubuntu feisty uploaded.