Re: BUG #16550: Problem with pg_service.conf

At a fundamental level if the database is physically accessible to an uncontrolled machine there is no perfect solution to preventing the administrator of that machine from obtaining the credentials being used by the application and using them directly.  The decision is what level of effort do you want to impose on the administrator to do that (or user, though that is even simpler).  If it must be out of the realm of possibility then the software is improperly written given the constraints - it should not utilize direct database connectivity and instead speak with a fully controlled intermediary server in some other protocol and that intermediary server then talks with the database.

Assuming that rewriting the software is not an option the discussion that needs to happen revolves around which are the available/reasonable options for getting unencrypted credentials into the application's memory space so that it may use them in a very private way.  At the same time, what are the use cases where tools like pgAdmin would be required and used responsibly versus where the same tool is being used undesirably.

David J.