Ben,
* dlo@isam.kiwi (dlo@isam.kiwi) wrote:
> When storing credentials for connections into ~/.pgpass the credentials is
> stored in delimited plaintext form. Not only is this practise a security
> risk,=20
This isn't a bug, it's intentional, and if it goes against your security
requirements then simply don't do it. Storing it in .pgpass encrypted
would require a password to either be provided (in which case, just
don't have the password in the pgpass file..) or for the key to be
stored in plain-text somewhere, which would be the same situation.
Perhaps there is a feature request in here somewhere to have an
ssh-agent like daemon, but there simply hasn't been demand for it.
> but when the credential contains the delimiter (colon) it fails to be
> read back out and app responds with "invalid credentials".
>=20
> x.x.x.x:5432:*:username:password:with:colons
Per the fine documentation, you need to escape any such usage with a
backslash. Please review:
http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html
Thanks,
Stephen