On 10/29/14 3:41 PM, Jim Nasby wrote:
> On 10/29/14, 2:33 PM, Tom Lane wrote:
>> Capture the postmaster log. Keep on capturing it till somebody
>> fat-fingers their login to the extent of swapping the username and
>> password (yeah, I've done that, haven't you?).
>
> Which begs the question: why on earth do we log passwords at all?
We don't.
> This is a problem for ALTER ROLE too.
Only if you use the non-encrypted forms.