From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
Cc: | Heikki Linnakangas <heikki(at)enterprisedb(dot)com>, pgsql-patches(at)postgresql(dot)org |
Subject: | Re: \password in psql help |
Date: | 2008-03-26 14:43:15 |
Message-ID: | 20080326154315.65fe185e@mha-laptop.clients.sollentuna.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-patches |
On Wed, 26 Mar 2008 10:43:48 -0300
Alvaro Herrera <alvherre(at)commandprompt(dot)com> wrote:
> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> + fprintf(output, _(" \\password [USERNAME]\n"
> >> + " securely
> >> change the password for a user\n"));
> >
> > I would leave out the word "securely". Unless you want to provide
> > another command for changing it insecurely ;-). What does it mean,
> > anyway?
>
> The point is that the password is encrypted on the client and
> transmitted in md5 form. If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.
That, and it will go over the network in plaintext. And it will go in
your .psql_history. \password closes all these.
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2008-03-26 14:44:43 | Re: \password in psql help |
Previous Message | Bruce Momjian | 2008-03-26 14:33:45 | Re: pg_dump -i wording |