Skip site navigation (1) Skip section navigation (2)

Re: \password in psql help

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Heikki Linnakangas <heikki(at)enterprisedb(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-patches(at)postgresql(dot)org
Subject: Re: \password in psql help
Date: 2008-03-26 13:43:48
Message-ID: 20080326134348.GC8100@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-patches
Heikki Linnakangas wrote:
> Magnus Hagander wrote:
>> + 	fprintf(output, _("  \\password [USERNAME]\n"
>> + 				 "                 securely change the password for a user\n"));
>
> I would leave out the word "securely". Unless you want to provide  
> another command for changing it insecurely ;-). What does it mean, 
> anyway?

The point is that the password is encrypted on the client and
transmitted in md5 form.  If you were to use ALTER USER to change the
password, it could end up unencrypted in the server log.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

In response to

Responses

pgsql-patches by date

Next:From: Bruce MomjianDate: 2008-03-26 13:48:40
Subject: Re: Auto Partitioning Patch - WIP version 1
Previous:From: Alvaro HerreraDate: 2008-03-26 13:42:02
Subject: Re: Auto Partitioning Patch - WIP version 1

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group