Home > mailing lists

Re: password is no required, authentication is overridden - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: password is no required, authentication is overridden
Date	July 18, 2006 21:42:00
Msg-id	44BD55A1.90703@dunslane.net Whole thread Raw
In response to	Re: password is no required, authentication is overridden (Thomas Bley <thbley@gmail.com>)
Responses	Re: password is no required, authentication is overridden (Thomas Bley <thbley@gmail.com>) Re: password is no required, authentication is overridden (Andreas Pflug <pgadmin@pse-consulting.de>)
List	pgsql-hackers

Tree view

Thomas Bley wrote:

>
>
> + The .pgpass file will be automatically created if you're using 
> pgAdmin III with "store password" being enabled in the connection 
> settings.
>

It strikes me that this is actually a bad thing for pgadmin3 to be 
doing. It should use its own file, not the deafult location, at least if 
the libpq version is >= 8.1. We provided the PGPASSFILE environment 
setting just so programs like this could use alternative locations for 
the pgpass file. Otherwise, it seems to me we are violating the POLS, as 
in the case of this user who not unnaturally thought he had found a 
major security hole.

cheers

andrew

pgsql-hackers by date:

From: Thomas Bley
Date: 18 July 2006, 21:36:39
Subject: Re: [PATCHES] 8.2 features?

From: Thomas Bley
Date: 18 July 2006, 21:52:09
Subject: Re: password is no required, authentication is overridden

Re: password is no required, authentication is overridden - Mailing list pgsql-hackers

Previous

Next