Re: Log of CREATE USER statement - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Log of CREATE USER statement
Date
Msg-id 200512091917.jB9JHMf22252@candle.pha.pa.us
Whole thread Raw
In response to Re: Log of CREATE USER statement  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
Peter Eisentraut wrote:
> Tom Lane wrote:
> > As I said already, if the user wishes the password to be secure, he
> > needs to encrypt it on the client side.
> 
> Maybe we should provide a backslash command in psql for secure password 
> entry, say, \password [username].  This would then ask for the password 
> through a somewhat secure, unlogged channel, encrypt it, and send an 
> ALTER ROLE command to the server.

I was thinking of something like:
test=> \set passwd '\'md5' `md5 -q -s aaapostgres` '\''test=> \echo :passwd'md536840d6d769e9e4b5ee644f4b9a8ce7e'test=>
ALTERUSER postgres PASSWORD :passwd;ALTER ROLE
 

What I have not figured out is how to easily prevent psql HISTORY from
being saved.  Also, ideally I would use:
test=> \set pass '\'md5' `md5 -q -s aaa:USER` '\''

but I can't figure out how to do ':' expansion inside a backquote
string:test=> \set pass `echo :USER`test=> \echo :pass:USER

However, they might want to change a different user's password if they
are the superuser, so maybe they should be required to type it out.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Min Xid problem proposal
Next
From: Alvaro Herrera
Date:
Subject: Re: Min Xid problem proposal