Tony Caduto wrote:
> Dave Page wrote:
>>
>> What you are saying is that because you don't believe in the pgpass
>> design, you are going to summarily delete them - which I know for
>> absolute sure would *really* annoy some pgAdmin users that I know for
>> a fact have a whole heap of passwords stored in theirs. Doing that
>> would only hurt your products reputation, not mine.
>>
> Dave,
>
> My product is not storing passwords using pgpass without the users
> knowledge.
> If pgAdmin III stored it's own passwords in the registry it would be up
> to the user (as it should be) to use pgpass.
> If they chose to use pgpass, libpq would override the passwords stored
> in the registry anyway, which is what pgAdmin III is doing
> automatically to my application without my or my users consent.
>
> pgAdmin III is corrupting the intended use of pgpass. It seems you guys
> did it as a shortcut so you wouldn't have to write your own password
> storage
> code which is not that difficult to do anyway.
You think that's a shortcut? It's far harder to automatically maintain
that file without screwing up user entries than it would be for us to
store the password alongside the other connection details - that's a 100
line vs. 1 line kind of ratio!! Using pgpass was intentional, as was the
fact we made it option, as was the fact that we documented the effects
and consequences of saving the password, as was the fact that we also
have an editor for users to manually tweak the file if they wish.
Regards, Dave
