> ------- Original Message ------- > From: Tony Caduto <tony_caduto@xxxxxxxxxxxxxxxxxxxx> > To: Dave Page <dpage@xxxxxxxxxxxxxx> > Sent: 01/02/07, 21:18:49 > Subject: Re: [GENERAL] I "might" have found a bug on 8.2.1 win32 > > I may be forced to start deleting the pgpass file unless we can work > something out. I must Be missing the point - why should I work something out with your app for using a documented feature of libpq in pgAdmin? > I saw in the docs you can specify a alternate location for the pgpass > file, why don't you guys use some other location so you are not > impacting other > apps? If a user goes into %APPDATA%\postgresql\pgpass.conf with the > specific purpose of setting up a pgpass file so they don't have to enter > a password that's a differnt story. Because PGPASSFILE only appeared in 8.1 and we don't know if our libpq supports it at runtime. > Not to mention that the whole pgpass thing is a huge security hole, it > would be different if the passwords where encrypted or hashed, but they > are just sitting there in plain text. In an 0600 file on *nix, or in your profile on Windows, which if you were concerned with security would be secured as well. > If you have a way to prevent my app from automatically using settings > set by pgAdmin III, I am willing to listen. To what? I'm not the one wanting to change anything! :-) /D
