| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, "Ricardo Vaz - TCESP" <jrvaz(at)tce(dot)sp(dot)gov(dot)br> |
| Subject: | Re: Log of CREATE USER statement |
| Date: | 2005-12-09 17:58:35 |
| Message-ID: | 29764.1134151115@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Users who choose a password
> should have the assurance that the password cannot be seen in
> plain-text by anyone anywhere. In a PostgreSQL system, the password
> can be seen in all kinds of places, like the psql history, the server
> log, the activity displays, and who knows where else.
As I said already, if the user wishes the password to be secure, he
needs to encrypt it on the client side. Anything else is just the
illusion of security.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-12-09 18:03:16 | Re: Log of CREATE USER statement |
| Previous Message | Tom Lane | 2005-12-09 17:42:44 | Re: Log of CREATE USER statement |