Feature request #4823

Add warning when saving PGsql/PostGIS passwords

Added by Giovanni Manghi almost 8 years ago. Updated almost 8 years ago.

Status:Closed
Priority:Normal
Assignee:-
Category:GUI
Pull Request or Patch supplied:No Resolution:fixed
Easy fix?:No Copied to github as #:14669

Description

Pgsql/PostGIS passwords are saved in plain text. It would be useful to add a Warning as it is done in PGAdmin3. Example:

Saving passwords
WARNING: You have opted to save your password. It will be stored in plain text in your home directory on *nix systems, or in your user profile on Windows. If you do not want this to happen, please press the Cancel button.
pgAdmin uses PostgreSQL's 'pgpass' mechanism to store your passwords. On *nix systems, the password will be stored in ~/.pgpass, whilst on Windows systems it will be stored in APPDATA\\PostgreSQL\\pgpass.conf (APPDATA is the 'Application Data' folder in your user profile). This mechanism is used by default by all programs that use the libpq library to access the server, which includes command line applications such as pg_dump and pg_restore, other GUI applications, and drivers such as psqlODBC. This means that those applications may automatically connect to the server using your stored password. If you do not want this to happen, you should not use the Store Password option in pgAdmin.


Related issues

Related to QGIS Application - Bug report #5959: WMS password visible Closed 2012-07-06
Duplicates QGIS Application - Bug report #3862: world-readable postgresql account passwords in QGIS.conf Closed
Duplicated by QGIS Application - Feature request #8180: Encryption of Passwords in qgs files Open 2013-06-27

History

#1 Updated by Alexander Bruy almost 8 years ago

See also #3862

#2 Updated by Jürgen Fischer almost 8 years ago

  • Resolution set to fixed
  • Status changed from Open to Closed

implemented in 72c04ce8

Also available in: Atom PDF