Andrew Dunstan wrote:
It strikes me that this is actually a bad thing for pgadmin3 to be
doing. It should use its own file, not the deafult location, at least
if the libpq version is >= 8.1. We provided the PGPASSFILE environment
setting just so programs like this could use alternative locations for
the pgpass file. Otherwise, it seems to me we are violating the POLS,
as in the case of this user who not unnaturally thought he had found a
major security hole.
.pgpass is THE mechanism for storing libpq passwords, so what is wrong?
If the account is assumed insecure, the user shouldn't check "store
password" in pgadmin3.
That's a libpq issue, not a pgadmin3 issue.
Regards,
Andreas
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
