On 2020-Aug-25, hans.wolters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Dear all,
> I noticed the password of a used is stored in the history of the psql user (postgres in my case). This happens when
alteruser <user> with password '<password>' is used.
> I suppose it is not a real bug but it might be handy to filter that for things like a history listing.
This is why you should use \password in psql instead of 'alter user ..
password'. (Well, that and the server log and risk of unencrypted
password traffic.)
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
