Skip site navigation (1) Skip section navigation (2)

Re: \password in psql help

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Heikki Linnakangas <heikki(at)enterprisedb(dot)com>, pgsql-patches(at)postgresql(dot)org
Subject: Re: \password in psql help
Date: 2008-03-26 14:43:15
Message-ID: 20080326154315.65fe185e@mha-laptop.clients.sollentuna.se (view raw or flat)
Thread:
Lists: pgsql-patches
On Wed, 26 Mar 2008 10:43:48 -0300
Alvaro Herrera <alvherre(at)commandprompt(dot)com> wrote:

> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> + 	fprintf(output, _("  \\password [USERNAME]\n"
> >> + 				 "                 securely
> >> change the password for a user\n"));
> >
> > I would leave out the word "securely". Unless you want to provide  
> > another command for changing it insecurely ;-). What does it mean, 
> > anyway?
> 
> The point is that the password is encrypted on the client and
> transmitted in md5 form.  If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.

That, and it will go over the network in plaintext. And it will go in
your .psql_history. \password closes all these.

//Magnus

In response to

pgsql-patches by date

Next:From: Tom LaneDate: 2008-03-26 14:44:43
Subject: Re: \password in psql help
Previous:From: Bruce MomjianDate: 2008-03-26 14:33:45
Subject: Re: pg_dump -i wording

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group