Dave Page wrote:
pgAdmin doesn't force them to store any passwords at all. That's pure
FUD.
You are correct on that fact Dave, however it does force them to store
the password in a pgpass file without their knowledge.
When you check that box "Store Password" it is not warning the user that
a pgpass file will be created and that it will affect all
applications that use libpq for that particular host.
So a user selects store password in pgAdmin III, then they need to use
psql for some reason and yipee skipee they get automagically authenticated
when they attempt to connect to that host. I had know idea pgAdmin III
was using pgpass to store the password, I thought something was wrong
with my servers pg_hba.conf file or a it was a bug.
It just totally amazes me that you don't see the big picture problem
with pgAdmin III using pgpass.
The only other solution to this problem beside the pgAdmin III team
fixing the inappropriate use of pgpass is to make a change to libpq
by adding
a new connections string option to ignore the pgpass file.
At least that way the developer of the application would have the choice
to use pgpass or not.
Later,
--
Tony Caduto
AM Software Design
http://www.amsoftwaredesign.com
Home of PG Lightning Admin for Postgresql
Your best bet for Postgresql Administration