On Monday, December 19, 2011 5:01:28 am MURAT KOÇ wrote: > Hi List, > > When I try to change my db password like below SQL statement from psql or > pgAdmin tool, it outputs to server logs as like this: > > *postgres=# alter user mkoc password 'dummy'; > ALTER ROLE > postgres=# alter user mkoc with password 'dummy'; > ALTER ROLE > * > > *Server Logs must be; > *2011-12-19 14:35:31 > EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter > user mkoc password *values 'XFADIT9248fDSKFD';* > ** > Is it possible to see changing passwords as encrypted? How should I change > password or what is the correct sql statement to change user password?
http://www.postgresql.org/docs/9.0/interactive/sql-alterrole.html "Caution must be exercised when specifying an unencrypted password with this command. The password will be transmitted to the server in cleartext, and it might also be logged in the client's command history or the server log. psql contains a command \password that can be used to change a role's password without exposing the cleartext password." The above is incorrect in that encrypted passwords will also be sent as clear text. http://www.postgresql.org/docs/9.0/interactive/app-psql.html "\password [ username ] Changes the password of the specified user (by default, the current user). This command prompts for the new password, encrypts it, and sends it to the server as an ALTER ROLE command. This makes sure that the new password does not appear in cleartext in the command history, the server log, or elsewhere. " > > Best Regards, > Murat KOC -- Adrian Klaver adrian.kla...@gmail.com -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
