On Wed, Jun 13, 2012 at 2:12 AM, Craig Ringer
<craig@postnewspapers.com.au> wrote:
>
> Users don't remember passwords, though. It's one of those constants, and is
> why practically every web site etc out there offers password recovery.
>
> The installer IMO needs to store the postgres account password in a registry
> key with permissions set so that only users with local admin rights (ie: who
> can use the installer) can view it. I don't like the idea of storing a
> password, but it's only going to be accessible if you already have rights to
> the registry as local admin, in which case the attacker can just reset it
> themselves (or root your machine). So long as they installer warns that the
> password shouldn't be one you use elsewhere because it can be recovered from
> your computer, I don't see a problem.---
The idea of storing the password in clear text in the registry gives
me nervous twitches. Whilst is should be secure if done as you
suggest, a) a simple mistake could leave it vulnerable and give us an
embarrassing security issue to deal with. It also doesn't help us in
the cases where users have another installation of PostgreSQL from
somewhere that doesn't store the password (which is likely to be the
case for years to come, even if it was our installer that was used
previously).
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
