Re: Client-side password encryption - Mailing list pgadmin-hackers

From Peter Eisentraut
Subject Re: Client-side password encryption
Date
Msg-id 200601051145.54199.peter_e@gmx.net
Whole thread Raw
In response to Client-side password encryption  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Client-side password encryption
List pgadmin-hackers
The officially sanctioned function for this is now PQencryptPassword() in
libpq.  Please consider using it when available.

I wrote:
> Commands like CREATE USER foo PASSWORD 'bar' transmit the password in
> cleartext and possibly save the password in various client or server
> log files.  I have just fixed this for psql and createuser to encrypt
> the password on the client side.  A quick check of the pgadmin3 source
> code shows that you are also affected by this issue.  I ask you to
> check where you paste cleartext passwords into SQL commands and change
> those to encrypt the password before sending or storing it anywhere.
> The required function pg_md5_encrypt() is contained in libpq.

pgadmin-hackers by date:

Previous
From: svn@pgadmin.org
Date:
Subject: SVN Commit by dpage: r4869 - trunk/www/pgadmin3/css
Next
From: Andreas Pflug
Date:
Subject: Re: Client-side password encryption