Home > mailing lists

BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password - Mailing list pgsql-bugs

From	dlo@isam.kiwi
Subject	BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password
Date	May 7, 2014 16:20:21
Msg-id	20140507043248.1398.38867@wrigleys.postgresql.org Whole thread Raw
Responses	Re: BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password (Stephen Frost <sfrost@snowman.net>)
List	pgsql-bugs

Tree view

The following bug has been logged on the website:

Bug reference:      10250
Logged by:          Ben Walter
Email address:      dlo@isam.kiwi
PostgreSQL version: Unsupported/Unknown
Operating system:   openSUSE 13.1 (Bottle) (x86_64)
Description:

When storing credentials for connections into ~/.pgpass the credentials is
stored in delimited plaintext form. Not only is this practise a security
risk, but when the credential contains the delimiter (colon) it fails to be
read back out and app responds with "invalid credentials".

x.x.x.x:5432:*:username:password:with:colons

pgsql-bugs by date:

From: Graham Johnson
Date: 07 May 2014, 16:20:17
Subject: lost administrator privileges after postgres installation!

From: Tom Lane
Date: 07 May 2014, 16:49:32
Subject: Re: pg_ctl of postgres 8.4 doesn't behave the same than 9.x when using a custom unix socket path

BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password - Mailing list pgsql-bugs

Previous

Next