On Wed, Jun 13, 2012 at 2:12 AM, Craig Ringer <cr...@postnewspapers.com.au> wrote: > > Users don't remember passwords, though. It's one of those constants, and is > why practically every web site etc out there offers password recovery. > > The installer IMO needs to store the postgres account password in a registry > key with permissions set so that only users with local admin rights (ie: who > can use the installer) can view it. I don't like the idea of storing a > password, but it's only going to be accessible if you already have rights to > the registry as local admin, in which case the attacker can just reset it > themselves (or root your machine). So long as they installer warns that the > password shouldn't be one you use elsewhere because it can be recovered from > your computer, I don't see a problem.---
The idea of storing the password in clear text in the registry gives me nervous twitches. Whilst is should be secure if done as you suggest, a) a simple mistake could leave it vulnerable and give us an embarrassing security issue to deal with. It also doesn't help us in the cases where users have another installation of PostgreSQL from somewhere that doesn't store the password (which is likely to be the case for years to come, even if it was our installer that was used previously). -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers