Home > mailing lists

Re: \password in psql help - Mailing list pgsql-patches

From	Magnus Hagander
Subject	Re: \password in psql help
Date	March 26, 2008 14:42:13
Msg-id	20080326154315.65fe185e@mha-laptop.clients.sollentuna.se Whole thread Raw
In response to	Re: \password in psql help (Alvaro Herrera <alvherre@commandprompt.com>)
List	pgsql-patches

Tree view

On Wed, 26 Mar 2008 10:43:48 -0300
Alvaro Herrera <alvherre@commandprompt.com> wrote:

> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> +     fprintf(output, _("  \\password [USERNAME]\n"
> >> +                  "                 securely
> >> change the password for a user\n"));
> >
> > I would leave out the word "securely". Unless you want to provide
> > another command for changing it insecurely ;-). What does it mean,
> > anyway?
>
> The point is that the password is encrypted on the client and
> transmitted in md5 form.  If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.

That, and it will go over the network in plaintext. And it will go in
your .psql_history. \password closes all these.

//Magnus

pgsql-patches by date:

From: Bruce Momjian
Date: 26 March 2008, 14:34:13
Subject: Re: pg_dump -i wording

From: Tom Lane
Date: 26 March 2008, 14:45:10
Subject: Re: \password in psql help

Re: \password in psql help - Mailing list pgsql-patches

Previous

Next