Re: SET SESSION AUTHORIZATION superuser limitation.

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Dmitry Igrishin <dmitigr(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SET SESSION AUTHORIZATION superuser limitation.
Date: 2015-12-21 14:57:04
Message-ID: 22190.1450709824@sss.pgh.pa.us
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> The syntax you propose exposes the user's password in cleartext in
>> the command, where it is likely to get captured in logs for example.
>> That's not going to do.

> Of course, right now, the ALTER USER ... PASSWORD command has that
> problem which is, uh, bad.

Which is why we invented the ENCRYPTED PASSWORD syntax, as well as
psql's \password command ... but using that approach for actual
login to an account would be a security fail as well.

regards, tom lane
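As an added example (not code from this thread or from PostgreSQL itself), the client-side hashing that psql's \password relied on at the time of this message, md5 of the password concatenated with the role name stored as "md5" plus the hex digest, next to a check that flags log lines carrying a cleartext ALTER ROLE/USER ... PASSWORD literal. The sample log lines are constructed; modern servers default to SCRAM-SHA-256 verifiers, which this helper does not produce.

```python
import hashlib
import re


def pg_md5_password(username: str, password: str) -> str:
    """Return the md5-style verifier PostgreSQL stores: 'md5' + md5(password || rolename).

    This is what psql's \\password computed client-side so that only the hash,
    never the cleartext, appears in the statement sent to the server.
    """
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    """Double-quote an SQL identifier, escaping embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def alter_role_encrypted(username: str, password: str) -> str:
    """Build the ALTER ROLE statement with the pre-hashed verifier in place of the cleartext."""
    return (f"ALTER ROLE {quote_ident(username)} ENCRYPTED PASSWORD "
            f"'{pg_md5_password(username, password)}'")


# Detection side: with log_statement = 'all', a cleartext PASSWORD literal lands in the log.
PASSWORD_STMT = re.compile(
    r"ALTER\s+(?:ROLE|USER)\s+.*?\bPASSWORD\s+'([^']*)'", re.IGNORECASE)
MD5_VERIFIER = re.compile(r"md5[0-9a-f]{32}")


def cleartext_password_lines(log_lines):
    """Return log lines whose PASSWORD literal is not already an md5 verifier."""
    hits = []
    for line in log_lines:
        match = PASSWORD_STMT.search(line)
        if match and not MD5_VERIFIER.fullmatch(match.group(1)):
            hits.append(line)
    return hits


# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    "LOG:  statement: ALTER USER alice PASSWORD 'hunter2'",
    "LOG:  statement: " + alter_role_encrypted("alice", "hunter2"),
    "LOG:  statement: SELECT 1",
]

if __name__ == "__main__":
    for line in cleartext_password_lines(SAMPLE_LOG):
        print("cleartext password exposed in log:", line)
```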
