On Thu, Feb 01, 2007 at 09:53:26PM -0000, Dave Page wrote: > > Not to mention that the whole pgpass thing is a huge security hole, it > > would be different if the passwords where encrypted or hashed, but they > > are just sitting there in plain text. > > In an 0600 file on *nix, or in your profile on Windows, which if you were concerned with security would be secured as well. Not to mention it's secured by default, and you'd actually have to go out of your way to make it *unsecure*. (Yes, one common way to make it unsecure is to make every local user an administrator is a comon way to break it, but if you do that you have so many other ways ot hack that system it doesn' tmake a real difference) //Magnus
