Client-side password encryption - Mailing list pgadmin-hackers

From Peter Eisentraut
Subject Client-side password encryption
Date
Msg-id 200512180325.24912.peter_e@gmx.net
Whole thread Raw
Responses Re: Client-side password encryption
List pgadmin-hackers
Commands like CREATE USER foo PASSWORD 'bar' transmit the password in
cleartext and possibly save the password in various client or server
log files.  I have just fixed this for psql and createuser to encrypt
the password on the client side.  A quick check of the pgadmin3 source
code shows that you are also affected by this issue.  I ask you to
check where you paste cleartext passwords into SQL commands and change
those to encrypt the password before sending or storing it anywhere.
The required function pg_md5_encrypt() is contained in libpq.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgadmin-hackers by date:

Previous
From: Dave Page
Date:
Subject: Re: [pgadmin-support] PgAdmin3 1.4.1 on Mac OSX 1.4.1 is
Next
From: "Dave Page"
Date:
Subject: Re: Client-side password encryption