From: "Andrew Dunstan"
Thomas Bley wrote:
+ The .pgpass file will be automatically created if you're using
pgAdmin III with "store password" being enabled in the connection
settings.
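Review bot: the added sentence does not say which .pgpass file pgAdmin III writes, and the wording 'with "store password" being enabled' is awkward. Suggest naming the file location explicitly and rewording to 'when "store password" is enabled in the connection settings', so a reader who finds the file knows where it came from.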
It strikes me that this is actually a bad thing for pgadmin3 to be
doing. It should use its own file, not the default location, at least if
the libpq version is >= 8.1. We provided the PGPASSFILE environment
setting just so programs like this could use alternative locations for
the pgpass file. Otherwise, it seems to me we are violating the POLS, as
in the case of this user who not unnaturally thought he had found a
major security hole.
Ummm, the function which pgAdmin offers is the optimal in present. I do not
think that PGPASSFILE avoids the danger clearly. Probably, it is easy for the
user who is malicious in the change to find it. I consider it to be a problem that
the password is finally PlainText. Then, I made the proposal before. However,
it was indicated that deliberation is required again..... I want to consider a good
method again. Is there any proposal with good someone?
Regards,
Hiroshi Saito