Re: Client-side password encryption - Mailing list pgadmin-hackers

From Peter Eisentraut
Subject Re: Client-side password encryption
Date
Msg-id 200601051145.54199.peter_e@gmx.net
In response to Client-side password encryption  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Client-side password encryption  (Andreas Pflug <pgadmin@pse-consulting.de>)
List pgadmin-hackers
The officially sanctioned function for this is now PQencryptPassword() in
libpq.  Please consider using it when available.

I wrote:
> Commands like CREATE USER foo PASSWORD 'bar' transmit the password in
> cleartext and possibly save the password in various client or server
> log files.  I have just fixed this for psql and createuser to encrypt
> the password on the client side.  A quick check of the pgadmin3 source
> code shows that you are also affected by this issue.  I ask you to
> check where you paste cleartext passwords into SQL commands and change
> those to encrypt the password before sending or storing it anywhere.
> The required function pg_md5_encrypt() is contained in libpq.
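
The issue described in this message, as an added example that is not part of the original e-mail and is not libpq code: it reproduces the MD5 password format (`md5` followed by the hex MD5 of password plus user name) so the statement sent to the server carries a hash, then scans log lines for `PASSWORD` literals that are still cleartext. The helpers `quote_ident`, `create_user_sql` and `cleartext_password_lines` and the log lines are constructed for illustration; a client linked against libpq would call `PQencryptPassword()` instead of hashing by hand.

```python
import hashlib
import re


def pg_md5_encrypt(password: str, username: str) -> str:
    """PostgreSQL MD5 password format: 'md5' + hex(md5(password + username))."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    """Quote an SQL identifier, doubling embedded double quotes (hypothetical helper)."""
    return '"' + name.replace('"', '""') + '"'


def create_user_sql(username: str, password: str) -> str:
    """Build CREATE USER with the password hashed before it leaves the client."""
    hashed = pg_md5_encrypt(password, username)
    return "CREATE USER {} PASSWORD '{}'".format(quote_ident(username), hashed)


# PASSWORD '<literal>', where the literal may contain doubled single quotes.
PASSWORD_LITERAL = re.compile(r"\bPASSWORD\s+'((?:[^']|'')*)'", re.IGNORECASE)
# A value in this shape is already hashed and reveals no cleartext.
PRE_HASHED = re.compile(r"md5[0-9a-f]{32}\Z")


def cleartext_password_lines(log_lines):
    """Return the log lines whose PASSWORD literal is not already an md5 hash."""
    flagged = []
    for line in log_lines:
        match = PASSWORD_LITERAL.search(line)
        if match and not PRE_HASHED.match(match.group(1)):
            flagged.append(line)
    return flagged


# Constructed sample log lines: the first is the cleartext form from the message.
SAMPLE_LOG = [
    "LOG:  statement: CREATE USER foo PASSWORD 'bar'",
    "LOG:  statement: " + create_user_sql("foo", "bar"),
    "LOG:  statement: SELECT 1",
]

if __name__ == "__main__":
    for line in cleartext_password_lines(SAMPLE_LOG):
        print("cleartext password in log:", line)
```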
