From: | MURAT KOÇ <m(dot)koc21(at)gmail(dot)com> |
---|---|
To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Changing Passwords as Encrypted not Clear-Text |
Date: | 2011-12-19 15:26:33 |
Message-ID: | CAA4y46zTcMZXewE8QffSTHpwiCHNXeG+1iwVRvsabTw+dx5hWA@mail.gmail.com |
Lists: | pgsql-general |
Hi Adrian,

I wrote a desktop application on Windows using "Npgsql.dll". So, I send
SQL statements to the database from this application code. I can't use the psql
command line (I know the "\password" command changes the password as encrypted text).
Because of this, I have to use the "ALTER USER" statement from application
code. Or what other advice could you give?

Best Regards
Murat KOC

2011/12/19 Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
> On Monday, December 19, 2011 5:01:28 am MURAT KOÇ wrote:
> > Hi List,
> >
> > When I try to change my db password like below SQL statement from psql or
> > pgAdmin tool, it outputs to server logs as like this:
> >
> > postgres=# alter user mkoc password 'dummy';
> > ALTER ROLE
> > postgres=# alter user mkoc with password 'dummy';
> > ALTER ROLE
> >
> > Server Logs must be;
> > 2011-12-19 14:35:31
> > EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter
> > user mkoc password *values 'XFADIT9248fDSKFD';*
> >
> > Is it possible to see changing passwords as encrypted? How should I change
> > password or what is the correct sql statement to change user password?
>
> http://www.postgresql.org/docs/9.0/interactive/sql-alterrole.html
> "Caution must be exercised when specifying an unencrypted password with this
> command. The password will be transmitted to the server in cleartext, and it
> might also be logged in the client's command history or the server log. psql
> contains a command \password that can be used to change a role's password
> without exposing the cleartext password."
>
> The above is incorrect in that encrypted passwords will also be sent as clear
> text.
>
> http://www.postgresql.org/docs/9.0/interactive/app-psql.html
> "\password [ username ]
>
> Changes the password of the specified user (by default, the current user).
> This command prompts for the new password, encrypts it, and sends it to the
> server as an ALTER ROLE command. This makes sure that the new password does not
> appear in cleartext in the command history, the server log, or elsewhere."
>
> >
> > Best Regards,
> > Murat KOC
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)gmail(dot)com
>
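
What the quoted `\password` documentation describes, done by a client that can only send SQL (an added example, not part of the original thread and not psql's or Npgsql's own code): it builds the md5 form used by the PostgreSQL 9.0 release cited above, the string `md5` followed by md5(password || role name), and puts only that value into the ALTER ROLE statement. The function names are hypothetical, the role and password are the sample values from the thread, and servers configured for SCRAM need a different stored format.

```python
import hashlib
import re


def pg_md5_password(role: str, password: str) -> str:
    """Return 'md5' + hex(md5(password || role)), the md5 form the server stores."""
    digest = hashlib.md5((password + role).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    """Quote a role name as an SQL identifier, doubling embedded double quotes."""
    if not name or "\x00" in name:
        raise ValueError("invalid role name")
    return '"' + name.replace('"', '""') + '"'


def alter_role_statement(role: str, password: str) -> str:
    """Build the ALTER ROLE statement carrying the hashed value, not the cleartext."""
    hashed = pg_md5_password(role, password)
    # The value is 'md5' plus 32 hex digits, so it cannot break out of the literal.
    if not re.fullmatch(r"md5[0-9a-f]{32}", hashed):
        raise ValueError("unexpected hash format")
    return f"ALTER ROLE {quote_ident(role)} ENCRYPTED PASSWORD '{hashed}'"


if __name__ == "__main__":
    # Sample role and password taken from the thread's psql session.
    print(alter_role_statement("mkoc", "dummy"))
```

The resulting string can be sent by any client library, and the server log then records the md5 value instead of the cleartext. That value should still be treated as a secret.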