Dave Page wrote:


-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Peter Eisentraut
Sent: Sun 12/18/2005 2:25 AM
To: pgadmin-hackers@postgresql.org
Subject: [pgadmin-hackers] Client-side password encryption


Commands like CREATE USER foo PASSWORD 'bar' transmit the password
in cleartext and possibly save the password in various client or
server log files.  I have just fixed this for psql and createuser
to encrypt the password on the client side.  A quick check of the
pgadmin3 source code shows that you are also affected by this
issue.  I ask you to check where you paste cleartext passwords into
SQL commands and change those to encrypt the password before
sending or storing it anywhere. The required function
pg_md5_encrypt() is contained in libpq.


So did you just rip it from there into psql? I don't see it in the
list of libpq exports so if that's not the case, on Windows at least
we'll need to change the api, and possibly the dll name as well to
avoid any compatibility issues.

And a prototype in libpq-fe.h wouldn't hurt either... And a macro, to enable distinguishing md5-enabled libpq versions from older versions.


Regards,
Andreas
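
Added example (not part of the thread, and not libpq or pgAdmin code): the client-side step the original message asks for, shown in Python. It assumes the stored MD5 form is `md5` followed by the hex MD5 of the password concatenated with the user name, and a UTF-8 client encoding; all function names are hypothetical.

```python
import hashlib
import re

# Shape of a stored MD5 verifier: "md5" followed by 32 lowercase hex digits.
_MD5_VERIFIER = re.compile(r"md5[0-9a-f]{32}")


def is_md5_verifier(value: str) -> bool:
    """True if value already has the verifier shape, so it is not hashed twice."""
    return _MD5_VERIFIER.fullmatch(value) is not None


def pg_md5_password(password: str, username: str) -> str:
    """Return "md5" + hex(md5(password || username)); the user name is the salt."""
    # Assumption: UTF-8 client encoding for both strings.
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    """Double-quote an SQL identifier, doubling embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def create_user_sql(username: str, password: str) -> str:
    """Build CREATE USER so that only the verifier appears in the statement."""
    if is_md5_verifier(password):
        verifier = password  # already hashed; pass through unchanged
    else:
        verifier = pg_md5_password(password, username)
    # After the "md5" prefix the verifier is hex only, so it needs no escaping.
    return f"CREATE USER {quote_ident(username)} ENCRYPTED PASSWORD '{verifier}'"


if __name__ == "__main__":
    # Constructed sample values, taken from the example command in the message.
    print(create_user_sql("foo", "bar"))
```

Because the statement text carries only the verifier, a client or server log that records the command no longer records the cleartext password.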
