Hi List, When I try to change my db password like below SQL statement from psql or pgAdmin tool, it outputs to server logs as like this:
*postgres=# alter user mkoc password 'dummy'; ALTER ROLE postgres=# alter user mkoc with password 'dummy'; ALTER ROLE * ### Server Logs ### 2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password 'dummy'; 2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc with password 'dummy'; So, an OS user who can access to server log files can read DB users' clear-text passwords from these logs. In my opinion, this is a big security gap. I don't want to see these changing password logs in clear-text. These logs must be encrypted passwords instead of clear-text like below: *Server Logs must be; *2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password *values 'XFADIT9248fDSKFD';* ** Is it possible to see changing passwords as encrypted? How should I change password or what is the correct sql statement to change user password? Best Regards, Murat KOC
