| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
| Cc: | Tim Spencer <tspencer(at)cloudpassage(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: how _not_ to log? |
| Date: | 2013-07-27 14:13:02 |
| Message-ID: | CACMqXCKx35Hi9GPs27mZ6=g0pRz8jB2mP+yZ2bO-z=-na6Y2-A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Jul 26, 2013 at 2:54 AM, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> wrote:
> http://www.postgresql.org/docs/9.2/interactive/sql-alterrole.html
>
> Caution must be exercised when specifying an unencrypted password
> with this command. The password will be transmitted to the server in
> cleartext, and it might also be logged in the client's command history or
> the server log. psql contains a command \password that can be used to change
> a role's password without exposing the cleartext password.
Caution must be exercised with "encrypted" passwords too - they are
cleartext-equivalent, which means you can use them to log in,
without knowing the original password.
And the "encryption" is single md5() so the actual password
is relatively easy to crack too.
So avoiding logging them is good idea.
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Janek Sendrowski | 2013-07-27 17:04:15 | Re: Fastest Index/Algorithm to find similar sentences |
| Previous Message | Olivier Austina | 2013-07-27 13:24:28 | SQL for multimedia retrieval |