Commands like CREATE USER foo PASSWORD 'bar' transmit the password in
cleartext and possibly save the password in various client or server
log files. I have just fixed this for psql and createuser to encrypt
the password on the client side. A quick check of the pgadmin3 source
code shows that you are also affected by this issue. I ask you to
check where you paste cleartext passwords into SQL commands and change
those to encrypt the password before sending or storing it anywhere.
The required function pg_md5_encrypt() is contained in libpq.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
