BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password

Поиск
Список
Период
Сортировка
От dlo@isam.kiwi
Тема BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password
Дата
Msg-id 20140507043248.1398.38867@wrigleys.postgresql.org
обсуждение исходный текст
Ответы Re: BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password  (Stephen Frost <sfrost@snowman.net>)
Список pgsql-bugs
Дерево обсуждения 
The following bug has been logged on the website:

Bug reference:      10250
Logged by:          Ben Walter
Email address:      dlo@isam.kiwi
PostgreSQL version: Unsupported/Unknown
Operating system:   openSUSE 13.1 (Bottle) (x86_64)
Description:

When storing credentials for connections into ~/.pgpass the credentials is
stored in delimited plaintext form. Not only is this practise a security
risk, but when the credential contains the delimiter (colon) it fails to be
read back out and app responds with "invalid credentials".

x.x.x.x:5432:*:username:password:with:colons

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Graham Johnson
Дата:
Сообщение: lost administrator privileges after postgres installation!
Следующее
От: Tom Lane
Дата:
Сообщение: Re: pg_ctl of postgres 8.4 doesn't behave the same than 9.x when using a custom unix socket path