Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text - Mailing list pgadmin-support

From Joshua Kramer
Subject Re: Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text
Date
Msg-id Pine.LNX.4.64.0705231123300.12390@localhost.localdomain
In response to Bug Report - PGAdmin3 windows pgpass.conf passwords stored in plain text  ("Joe Moyle" <jmoyle@paymetric.com>)
List pgadmin-support
Joe,

You took a good first step in setting up authentication to use MD5 by 
default.  Now, (as a new community member) I have a few questions to 
determine what encrypting the password would accomplish.

What would such an encryption protect against?  You can explicitly set the 
permissions on your Application Data directory to refuse "All Users" read 
permission; on my WinXP box, the Postgres directory under App Data only 
explicitly allows access from myself, the Administrator, or SYSTEM.  I'm 
not a Windows expert so I don't know if "read" permissions are implied by 
virtue of not having "read" restrictions...

So, if you've secured the file so that only you can read it, the next step 
is to secure the file so that if someone logs in as you and gets the file, 
they can only see encrypted bytes in the password file.  But let me ask - 
if someone can log in as you, can't they log in to your PG databases anyway, 
by virtue of your having saved your passwords?

Even if it were trivial to encrypt the password, we'd have to figure out 
how to encrypt it securely, because trivial encryption methods are broken 
easily.  Since pgAdmin is designed to be more of a "maintenance" tool than 
an "end user" tool, it is considered to be more "protected" from 
intrusion; compare this with the passwords being sent over the wire, which 
can be encrypted with MD5 because they are not as protected as a 
limited-use maintenance tool.

Hope this helps,
-Josh
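As an added example (not code from the thread or from the pgAdmin project), here is a PowerShell check that lists every principal with read access to pgpass.conf, inherited entries included, which settles the "implied read" question raised above. It assumes libpq's default path %APPDATA%\postgresql\pgpass.conf and English names for the SYSTEM and Administrators principals.

```powershell
# Added example: audit who can read pgpass.conf on Windows.
# Assumption: the default libpq location %APPDATA%\postgresql\pgpass.conf.
$pgpass = Join-Path ([Environment]::GetFolderPath('ApplicationData')) 'postgresql\pgpass.conf'
if (-not (Test-Path -LiteralPath $pgpass)) {
    Write-Output "No pgpass.conf at $pgpass"
    return
}

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# Principals the thread treats as acceptable readers of the file
# (names are the English defaults; adjust on localized systems).
$allowed = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

$acl = Get-Acl -LiteralPath $pgpass
foreach ($ace in $acl.Access) {
    # Inherited entries are part of $acl.Access too, so rights that flow down
    # from the Application Data folder show up here rather than being "implied".
    $readBit = [System.Security.AccessControl.FileSystemRights]::ReadData
    $grantsRead = ($ace.FileSystemRights -band $readBit) -ne 0
    if ($ace.AccessControlType -eq 'Allow' -and $grantsRead) {
        $who = $ace.IdentityReference.Value
        # Anything outside the allowed set (e.g. Users or Everyone) needs a look.
        $tag = if ($allowed -contains $who) { 'ok     ' } else { 'REVIEW ' }
        Write-Output ("{0} {1,-40} {2} inherited={3}" -f $tag, $who, $ace.FileSystemRights, $ace.IsInherited)
    }
}
```

Run it in the account that owns the pgpass.conf; any line tagged REVIEW means a principal other than you, SYSTEM or Administrators can read the saved passwords.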


