Thread: Escaping : and \ in pgpass

Escaping : and \ in pgpass

From
Kevin Locke
Date:
Hello All,

It appears that the way pgAdmin parses pgpass differs from the format
documented for libpq[1] with respect to escaping : and \ characters.
I noticed the difference when version 1.14.2 ignored my (escaped)
pgpass entry for ::1 which was as follows:

\:\:1:5432:*:username:password

From what I can tell from looking at the current git sources, this
would occur from escapes in IPv6 addresses and usernames or passwords
with escaped : or \.

The IPv6 case is not too serious as psql will accept addresses without
escapes as well (I haven't tested username/passwords).  I just wanted
to bring it to your attention.

If you decide to change the behavior, you may want to note that libpq
changed its unescaping behavior in 9.2 as a result of this[2] ML
thread.

1.  http://www.postgresql.org/docs/current/static/libpq-pgpass.html
2.  http://www.postgresql.org/message-id/20111217082754.GB30887@rice.edu

-- 
Cheers,      |  kevin@kevinlocke.name   | JIM:  kevinoid@jabber.org
Kevin        |  http://kevinlocke.name  | IRC: kevinoid on freenode



Re: Escaping : and \ in pgpass

From
Dave Page
Date:
Hi

On Mon, Feb 18, 2013 at 4:19 PM, Kevin Locke <kevin@kevinlocke.name> wrote:
> Hello All,
>
> It appears that the way pgAdmin parses pgpass differs from the format
> documented for libpq[1] with respect to escaping : and \ characters.
> I noticed the difference when version 1.14.2 ignored my (escaped)
> pgpass entry for ::1 which was as follows:
>
> \:\:1:5432:*:username:password
>
> From what I can tell from looking at the current git sources, this
> would occur from escapes in IPv6 addresses and usernames or passwords
> with escaped : or \.
>
> The IPv6 case is not too serious as psql will accept addresses without
> escapes as well (I haven't tested username/passwords).  I just wanted
> to bring it to your attention.
>
> If you decide to change the behavior, you may want to note that libpq
> changed its unescaping behavior in 9.2 as a result of this[2] ML
> thread.
>
> 1.  http://www.postgresql.org/docs/current/static/libpq-pgpass.html
> 2.  http://www.postgresql.org/message-id/20111217082754.GB30887@rice.edu

Yes, it looks like there is no support for escaping in the current
code. pgServer::StorePassword() and pgServer::GetPasswordIsStored()
certainly don't read/write escape characters when checking to see if a
password is needed from the user, or saving one, and similarly
pgPassConfigLine::Init(const wxString &line) and
pgPassConfigLine::GetText() are happily oblivious when editing files.

Neel, can you look at both issues and post a patch to fix them on the
mailing list please? It may make sense to make some of the code common
to both pairs of functions.

Thanks.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company