| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Ricardo Vaz - TCESP <jrvaz(at)tce(dot)sp(dot)gov(dot)br> |
| Subject: | Re: Log of CREATE USER statement |
| Date: | 2005-12-09 18:03:16 |
| Message-ID: | 200512091803.jB9I3GW09471@candle.pha.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > Users who choose a password
> > should have the assurance that the password cannot be seen in
> > plain-text by anyone anywhere. In a PostgreSQL system, the password
> > can be seen in all kinds of places, like the psql history, the server
> > log, the activity displays, and who knows where else.
>
> As I said already, if the user wishes the password to be secure, he
> needs to encrypt it on the client side. Anything else is just the
> illusion of security.
Should we document this?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2005-12-09 18:21:35 | Re: Log of CREATE USER statement |
| Previous Message | Tom Lane | 2005-12-09 17:58:35 | Re: Log of CREATE USER statement |