On Wed, 26 Mar 2008 10:43:48 -0300
Alvaro Herrera <alvherre(at)commandprompt(dot)com> wrote:
> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> + fprintf(output, _(" \\password [USERNAME]\n"
> >> + " securely
> >> change the password for a user\n"));
> > I would leave out the word "securely". Unless you want to provide
> > another command for changing it insecurely ;-). What does it mean,
> > anyway?
> The point is that the password is encrypted on the client and
> transmitted in md5 form. If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.
That, and it will go over the network in plaintext. And it will go in
your .psql_history. \password closes all these.
In response to
pgsql-patches by date
|Next:||From: Tom Lane||Date: 2008-03-26 14:44:43|
|Subject: Re: \password in psql help |
|Previous:||From: Bruce Momjian||Date: 2008-03-26 14:33:45|
|Subject: Re: pg_dump -i wording|