Please note that security bugs or issues should be reported to security@pgadmin.org.
Describe the bug
For Servers stored in pgadmin with a saved password, the Query Tool is unreachable if stored password is invalid (=after Password of the user changed), although you might enter the correct password when prompted. The saved password will overwrite the entered password and will not update.
To Reproduce
We will take a shortcut - not rotating user credentials but manually invalidating stored credentials in connection details. The effect is the same.
- Create a database connection with valid credentials. No storing of password (will remove the additional step of clear stored password that would have to be performed additionally)
- Once connected to the server, disconnect
- Change password to something non-sense in connection settings, enable Save Password checkbox
- Connect to Server
- Enter correct password, when prompted
- Connection established successfully
- Open Query Tool for this Connection
- Enter correct password, when prompted. This continues forever. You will not be able to access Query Tool
Expected behavior
Saved Passwords are updated, when Checkbox "Save Password" is active and new, valid Credentials are provided
Error message
FATAL: LDAP authentication failed for user xyz
FATAL: no pg_hba.conf entry for host "a.b.c.d", user "xyz", database "postgres", no encryption
Desktop (please complete the following information):
- OS: Linux
- pgAdmin version: 9-16
- Mode: Server
- Browser (if running in server mode): edge
- Package type: Container, Openshift / Helm
Please note that security bugs or issues should be reported to security@pgadmin.org.
Describe the bug
For Servers stored in pgadmin with a saved password, the Query Tool is unreachable if stored password is invalid (=after Password of the user changed), although you might enter the correct password when prompted. The saved password will overwrite the entered password and will not update.
To Reproduce
We will take a shortcut - not rotating user credentials but manually invalidating stored credentials in connection details. The effect is the same.
Expected behavior
Saved Passwords are updated, when Checkbox "Save Password" is active and new, valid Credentials are provided
Error message
FATAL: LDAP authentication failed for user xyz
FATAL: no pg_hba.conf entry for host "a.b.c.d", user "xyz", database "postgres", no encryption
Desktop (please complete the following information):