Re: password is no required, authentication is overridden - Mailing list pgsql-hackers

From Hiroshi Saito
Subject Re: password is no required, authentication is overridden
Date
Msg-id 029501c6aaca$f5322de0$24110dde@IBMC4B5932F74B
In response to password is no required, authentication is overridden  (Thomas Bley <thbley@gmail.com>)
Responses Re: password is no required, authentication is overridden
List pgsql-hackers
From: "Andrew Dunstan"

> Thomas Bley wrote:
> 
>>
>>
>> + The .pgpass file will be automatically created if you're using 
>> pgAdmin III with "store password" being enabled in the connection 
>> settings.
>>
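Review bot: The added sentence says pgAdmin III creates the .pgpass file but not that a password saved there is then used by every libpq client the same user runs, which is why no password prompt appears afterwards. State that consequence in the same paragraph, and reword `with "store password" being enabled` to `with "store password" enabled`.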
> 
> It strikes me that this is actually a bad thing for pgadmin3 to be 
> doing. It should use its own file, not the default location, at least if 
> the libpq version is >= 8.1. We provided the PGPASSFILE environment 
> setting just so programs like this could use alternative locations for 
> the pgpass file. Otherwise, it seems to me we are violating the POLS, as 
> in the case of this user who not unnaturally thought he had found a 
> major security hole.

Ummm, the function which pgAdmin offers is the optimal one at present. I do not 
think that PGPASSFILE avoids the danger clearly. Probably, it is easy for the 
user who is malicious in the change to find it. I consider it to be a problem that 
the password is finally plain text. Then, I made the proposal before. However, 
it was indicated that deliberation is required again... I want to consider a good 
method again. Does someone have a good proposal?

Regards,
Hiroshi Saito
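
An added example, not part of the original thread and not pgAdmin or PostgreSQL code: a small audit of the password file discussed above, which resolves the location through PGPASSFILE and lists the stored entries and file mode without echoing any password. The sample file contents and host names are constructed, and Unix path and permission rules are assumed.

```python
import os, stat, tempfile

# Constructed sample file; the second password contains an escaped ':'.
SAMPLE = r"""# hostname:port:database:username:password
localhost:5432:*:postgres:hunter2
db.example.internal:5432:sales:app:s3cr\:et
"""

def pgpass_path(env=os.environ):
    # PGPASSFILE wins; otherwise the Unix default ~/.pgpass.
    return env.get("PGPASSFILE") or os.path.join(os.path.expanduser("~"), ".pgpass")

def split_fields(line):
    # Split on unescaped ':'; a backslash makes the next character literal.
    fields, cur, chars = [], "", iter(line)
    for ch in chars:
        if ch == "\\":
            cur += next(chars, "")
        elif ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur]

def audit(path):
    # Report how the file is protected and what it stores, never the password.
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: group/other access")
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            f = split_fields(line)
            if len(f) != 5:
                findings.append(f"line {n}: malformed entry")
                continue
            findings.append(f"line {n}: plaintext password for {f[3]}@{f[0]}:{f[1]}/{f[2]}")
    return findings

def demo():
    # Write the constructed sample with a deliberately loose mode and audit it.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pgpass")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit(path)
```

Running `audit(pgpass_path())` on a workstation shows which accounts have a stored plaintext password in whichever file libpq is pointed at.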