Re: [pgadmin-hackers] Re: BUG #10250: pgAdmin III 1.16.1 stores unescaped plaintext password

Akshay Joshi <akshay.joshi@enterprisedb.com>

From: Akshay Joshi <akshay.joshi@enterprisedb.com>
To: Dave Page <dpage@pgadmin.org>
Cc: Stephen Frost <sfrost@snowman.net>, Heikki Linnakangas <hlinnakangas@vmware.com>, dlo@isam.kiwi, Pg Bugs <pgsql-bugs@postgresql.org>, pgadmin-hackers <pgadmin-hackers@postgresql.org>
Date: 2014-05-08T09:04:04Z
Lists: pgsql-bugs
Sure.


On Thu, May 8, 2014 at 1:37 PM, Dave Page <dpage@pgadmin.org> wrote:

> Akshay, can you look into the quoting problem please.
>
> On Thu, May 8, 2014 at 1:07 AM, Stephen Frost <sfrost@snowman.net> wrote:
> > * Heikki Linnakangas (hlinnakangas@vmware.com) wrote:
> >> (forwarding to pgadmin-hackers)
> >
> > Ah.
> >
> >> On 05/07/2014 06:44 PM, Stephen Frost wrote:
> >> >* dlo@isam.kiwi (dlo@isam.kiwi) wrote:
> >> >>but when the credential contains the delimiter (colon) it fails to be
> >> >>read back out and app responds with "invalid credentials".
> >> >>
> >> >>x.x.x.x:5432:*:username:password:with:colons
> >> >
> >> >Per the fine documentation, you need to escape any such usage with a
> >> >backslash.  Please review:
> >>
> >> Stephen, you missed the context. pgadmin3 saves .pgpass, when you
> >> check the "store password" checkbox in the connection dialog. And
> >> apparantly pgadmin3 doesn't do that escaping properly.
> >
> > Wow, that's pretty rough.  Hopefully they'll be able to fix it soon. :)
> >
> >         Thanks,
> >
> >                 Stephen
>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>



-- 
*Akshay Joshi*
*Principal Software Engineer *



*Phone: +91 20-3058-9517Mobile: +91 976-788-8246*