Quick Links

Re: Log of CREATE USER statement

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc:	pgsql-hackers(at)postgresql(dot)org, "Ricardo Vaz - TCESP" <jrvaz(at)tce(dot)sp(dot)gov(dot)br>
Subject:	Re: Log of CREATE USER statement
Date:	2005-12-09 17:58:35
Message-ID:	29764.1134151115@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Users who choose a password
> should have the assurance that the password cannot be seen in
> plain-text by anyone anywhere. In a PostgreSQL system, the password
> can be seen in all kinds of places, like the psql history, the server
> log, the activity displays, and who knows where else.

As I said already, if the user wishes the password to be secure, he
needs to encrypt it on the client side. Anything else is just the
illusion of security.

regards, tom lane

In response to

Re: Log of CREATE USER statement at 2005-12-09 17:34:09 from Peter Eisentraut

Responses

Re: Log of CREATE USER statement at 2005-12-09 18:03:16 from Bruce Momjian
Re: Log of CREATE USER statement at 2005-12-09 18:41:35 from Peter Eisentraut

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Bruce Momjian	2005-12-09 18:03:16	Re: Log of CREATE USER statement
Previous Message	Tom Lane	2005-12-09 17:42:44	Re: Log of CREATE USER statement