From: | "Joe Moyle" <jmoyle(at)paymetric(dot)com> |
---|---|
To: | "Dave Page" <dpage(at)postgresql(dot)org> |
Cc: | <pgadmin-support(at)postgresql(dot)org> |
Subject: | Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text |
Date: | 2007-05-23 16:02:21 |
Message-ID: | 8B1D2F832D92D84BB2C583614AAD7C09034D7CDE@pmmail02.paymetric.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
> Joe Moyle wrote:
...
> > While doing some poking around I discovered that the passwords in
the
> > pgpass.conf file are stored in plain text. I consider this a bug.
...
> > Would the 'powers that be' list this as a bug and add it to the TODO
> > list?
>
> This is how PostgreSQL's libpq requires the file to be formatted.
>
> Regards, Dave.
First let me say that I'm not a programmer (wanna-be at best) so I'm
asking forgiveness in advance if I use the wrong nomenclature or fail to
communicate what I'm thinking in terms that interested parties can
easily understand.
I'm looking at the documentation for the libpq method called
PQconnectdb. I see that it requires user and password in a scenario
like I've got my server set up. I still think that PGA3 storing the
password in plain text is a bug. Wouldn't it be better if it stored it
encrypted using an encryption algorithm that can be unencrypted so that
it could be unencrypted and then sent to libpq in plain text?
When trying to answer this question for myself I thought that it might
be pointless because some key would be required for unencrypting. I
then thought that if I had to type in the key every time it would blow
my lazy desire to type less out of the water. Upon further reflection I
thought that it would still be better since I would only have to
remember one key instead of the various username/password combinations.
I can't help but feel I'm missing something obvious here but am just too
ignorant to know it. I'll continue reading the libpq documentation and
thinking about it.
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2007-05-23 16:25:45 | Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text |
Previous Message | Raymond O'Donnell | 2007-05-23 15:46:06 | Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text |