Thread: \password in psql help
The \password command appears to be documented in the psql reference page, but not included in the output of the \? command. Is there any actual reason for that, or should I just apply the attached patch? (which means I will apply it unless there are objections :-P)

//Magnus

Magnus Hagander wrote:
> + fprintf(output, _(" \\password [USERNAME]\n"
> + " securely change the password for a user\n"));

I would leave out the word "securely". Unless you want to provide another command for changing it insecurely ;-). What does it mean, anyway?

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

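Review bot: The added help string marks the argument as optional ("[USERNAME]") but the description "securely change the password for a user" does not say which user is affected when the argument is omitted, and it does not say what "securely" protects against. Consider wording that states the default when no user name is given and that either drops "securely" or names the property it refers to.
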
Heikki Linnakangas wrote:
> Magnus Hagander wrote:
>> + fprintf(output, _(" \\password [USERNAME]\n"
>> + " securely change the password for a user\n"));
>
> I would leave out the word "securely". Unless you want to provide
> another command for changing it insecurely ;-). What does it mean,
> anyway?

The point is that the password is encrypted on the client and transmitted in md5 form. If you were to use ALTER USER to change the password, it could end up unencrypted in the server log.

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

On Wed, 26 Mar 2008 10:43:48 -0300 Alvaro Herrera <alvherre@commandprompt.com> wrote:
> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> + fprintf(output, _(" \\password [USERNAME]\n"
> >> + " securely
> >> change the password for a user\n"));
> >
> > I would leave out the word "securely". Unless you want to provide
> > another command for changing it insecurely ;-). What does it mean,
> > anyway?
>
> The point is that the password is encrypted on the client and
> transmitted in md5 form. If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.

That, and it will go over the network in plaintext. And it will go in your .psql_history.

\password closes all these.

//Magnus

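The difference described in the two messages above, as an added example that is not part of the original thread or of psql's code: it builds the pre-hashed statement a client can send (the "md5 form" is the string "md5" followed by the MD5 hex digest of the password concatenated with the user name) and scans history or log lines for ALTER USER/ROLE statements that still carry a cleartext literal. The function names and the sample lines are constructed for illustration.

```python
import hashlib
import re

def pg_md5_password(user: str, password: str) -> str:
    """Return 'md5' + md5(password + username), the md5 form named in the thread."""
    digest = hashlib.md5((password + user).encode("utf-8")).hexdigest()
    return "md5" + digest

def alter_statement(user: str, password: str) -> str:
    """Build the statement with the password hashed on the client side."""
    quoted_user = '"' + user.replace('"', '""') + '"'
    return f"ALTER USER {quoted_user} PASSWORD '{pg_md5_password(user, password)}'"

# Matches ALTER USER/ROLE ... PASSWORD '<literal>' and captures the literal.
PASSWORD_STMT = re.compile(
    r"\bALTER\s+(?:USER|ROLE)\b.*?\bPASSWORD\s+'((?:[^']|'')*)'",
    re.IGNORECASE,
)
MD5_FORM = re.compile(r"md5[0-9a-f]{32}\Z")

def find_cleartext_password_lines(lines):
    """Return line numbers of statements whose password literal is not pre-hashed.

    Only line numbers are returned so the report does not repeat the secret.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        match = PASSWORD_STMT.search(line)
        if match and not MD5_FORM.match(match.group(1)):
            hits.append(number)
    return hits

# Constructed sample: lines as they might appear in .psql_history or a server log.
SAMPLE_LINES = [
    "select 1;",
    "ALTER USER alice PASSWORD 'correct horse';",
    "LOG:  statement: alter role bob with encrypted password 'hunter2';",
    alter_statement("carol", "s3cret") + ";",
    "\\password alice",
]

if __name__ == "__main__":
    print(alter_statement("carol", "s3cret"))
    for number in find_cleartext_password_lines(SAMPLE_LINES):
        print(f"line {number}: statement carries a cleartext password")
```
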
Magnus Hagander <magnus@hagander.net> writes:
> The \password command appears to be documented in the psql reference
> page, but not included in the output of the \? command. Is there any
> actual reason for that, or should I just apply the attached patch?

Presumably somebody forgot.

While you're at it, please fix the gratuitous non-alphabetical ordering of the items in that list ...

regards, tom lane

On Wed, 26 Mar 2008 10:44:43 -0400 Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > The \password command appears to be documented in the psql reference
> > page, but not included in the output of the \? command. Is there any
> > actual reason for that, or should I just apply the attached patch?
>
> Presumably somebody forgot.
>
> While you're at it, please fix the gratuitous non-alphabetical
> ordering of the items in that list ...

Yeah, I noticed that. Will fix.

Just to be sure - this is non-backpatch stuff, correct?

//Magnus

Magnus Hagander <magnus@hagander.net> writes:
>>> The \password command appears to be documented in the psql reference
>>> page, but not included in the output of the \? command. Is there any
>>> actual reason for that, or should I just apply the attached patch?
> Just to be sure - this is non-backpatch stuff, correct?

You could argue it either way, I think. Lack of documentation is a bug, but hardly a critical one. Since you're adding a string it would create new work for translators, but it still seems better if the entry is there and untranslated than not there at all.

regards, tom lane

On Wed, 26 Mar 2008 11:35:22 -0400 Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> >>> The \password command appears to be documented in the psql
> >>> reference page, but not included in the output of the \? command.
> >>> Is there any actual reason for that, or should I just apply the
> >>> attached patch?
>
> > Just to be sure - this is non-backpatch stuff, correct?
>
> You could argue it either way, I think. Lack of documentation is
> a bug, but hardly a critical one. Since you're adding a string it
> would create new work for translators, but it still seems better
> if the entry is there and untranslated than not there at all.
>

Heh, that's only slightly clearer than what I had before I asked the question ;-)

But - will go ahead and backpatch then.

//Magnus