Client-side password encryption

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgadmin-hackers(at)postgresql(dot)org
Subject: Client-side password encryption
Date: 2005-12-18 02:25:24
Message-ID: 200512180325.24912.peter_e@gmx.net
Lists: pgadmin-hackers

Commands like CREATE USER foo PASSWORD 'bar' transmit the password in 
cleartext and possibly save the password in various client or server 
log files.  I have just fixed this for psql and createuser to encrypt 
the password on the client side.  A quick check of the pgadmin3 source 
code shows that you are also affected by this issue.  I ask you to 
check where you paste cleartext passwords into SQL commands and change 
those to encrypt the password before sending or storing it anywhere.  
The required function pg_md5_encrypt() is contained in libpq.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/
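
The following is an added example, not part of the original message and not code from psql, pgadmin3 or libpq. It sketches in Python what client-side hashing produces in PostgreSQL's md5 password format, `md5` followed by the hex MD5 of the password concatenated with the user name, so that only the hash appears in the SQL text. The function names are hypothetical, and `foo` / `bar` are the sample values from the command quoted in the message.

```python
import hashlib
import re

# Shape of an already-hashed value: "md5" followed by 32 hex digits.
_MD5_VERIFIER = re.compile(r"md5[0-9a-f]{32}")


def pg_md5_password(password: str, username: str) -> str:
    """Return 'md5' + hex(md5(password || username)).

    The user name acts as the salt, so the result is tied to that role name.
    """
    data = (password + username).encode("utf-8")
    return "md5" + hashlib.md5(data).hexdigest()


def is_md5_verifier(value: str) -> bool:
    """True if value already has the hashed form (e.g. read from a saved script)."""
    return _MD5_VERIFIER.fullmatch(value) is not None


def quote_ident(name: str) -> str:
    """Quote a role name as an SQL identifier, doubling embedded quotes."""
    return '"' + name.replace('"', '""') + '"'


def create_user_sql(username: str, password: str) -> str:
    """Build CREATE USER so that only the hash appears in the SQL text."""
    hashed = pg_md5_password(password, username)
    # hashed is "md5" plus hex digits only, so it needs no literal escaping.
    return f"CREATE USER {quote_ident(username)} ENCRYPTED PASSWORD '{hashed}'"


if __name__ == "__main__":
    # Sample values from the command quoted in the message above.
    stmt = create_user_sql("foo", "bar")
    print(stmt)
    # The cleartext must not appear in anything that is sent or logged.
    print("cleartext present:", "bar" in stmt)
```

Later libpq releases export this hashing as `PQencryptPassword()`, and `PQencryptPasswordConn()` additionally supports SCRAM-SHA-256.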
