On Wed, 26 Mar 2008 10:43:48 -0300
Alvaro Herrera <alvherre@commandprompt.com> wrote:
> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> + fprintf(output, _(" \\password [USERNAME]\n"
> >> + " securely
> >> change the password for a user\n"));
> >
> > I would leave out the word "securely". Unless you want to provide
> > another command for changing it insecurely ;-). What does it mean,
> > anyway?
>
> The point is that the password is encrypted on the client and
> transmitted in md5 form. If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.
That, and it will go over the network in plaintext. And it will go in
your .psql_history. \password closes all these.
//Magnus