From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Schmid Andreas <Andreas(dot)Schmid(at)bd(dot)so(dot)ch>, "'pgsql-general(at)postgresql(dot)org'" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: createuser: How to specify a database to connect to |
Date: | 2017-03-13 16:27:35 |
Message-ID: | 2555128d-28a8-98fa-d0db-ae7089473fbe@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 03/13/2017 09:19 AM, Tom Lane wrote:
> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> writes:
>> On 03/13/2017 08:52 AM, Tom Lane wrote:
>>> If by "history" you're worried about the server-side statement log, this
>>> is merest fantasy: the createuser program is not magic, it just constructs
>>> and sends a CREATE USER command for you. You'd actually be more secure
>>> using psql, where (if you're superuser) you could shut off log_statement
>>> for your session first.
>
>> There is a difference though:
>
>> psql> CREATE USER:
>
>> postgres-2017-03-13 09:03:27.147 PDT-0LOG: statement: create user
>> dummy_user with login password '1234';
>
> Well, what you're supposed to do is
>
> postgres=# create user dummy_user;
> postgres=# \password dummy_user
> Enter new password:
> Enter it again:
> postgres=#
>
> which will result in sending something like
>
> ALTER USER dummy_user PASSWORD 'md5c5e9567bc40082671d02c654260e0e09'
>
> You can additionally protect that by wrapping it into one transaction
> (if you have a setup where the momentary existence of the role without a
> password would be problematic) and/or shutting off logging beforehand.
Got it.
>
> regards, tom lane
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Alexander Farber | 2017-03-13 16:39:09 | DELETE and JOIN |
Previous Message | Tom Lane | 2017-03-13 16:19:22 | Re: createuser: How to specify a database to connect to |