Hi,

My answers are written under your comments.

Best Regards
Murat KOC

2011/12/19 Alban Hertroys <haram...@gmail.com>

> On 19 December 2011 16:26, MURAT KOÇ <m.ko...@gmail.com> wrote:
> > Hi Adrian,
> >
> > I wrote a desktop application on Windows by using "Npgsql.dll". So, I send
> > SQL statements to the database from this application code. I can't use the psql
> > command line (I know the "\password" command changes the password as encrypted text).
> >
> > Because of this, I have to use the "ALTER USER" statement from application code.
> > Or what other advice could you give?
>
> Apparently psql doesn't send a plain ALTER ROLE statement. It probably
> uses the binary protocol. Perhaps your application can do the same.
>

Although my application uses the binary protocol, it has to send an "ALTER
USER" statement to the PostgreSQL database to change a DB user's password.

>
> Alternatively, you can secure your (apparently insecure) connection to
> the DB using SSL or an ssh tunnel or somesuch.
>

The problem is not the secure connection to the DB; the problem is that the
PostgreSQL logs include the changed passwords in clear text, not encrypted.

### Server Logs ###
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG:  statement: alter user mkoc password 'dummy';
2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG:  statement: alter user mkoc with password 'dummy';

>
> That said, if you are having issues with a fellow DBA, you should
> create a policy that you don't use each others' login credentials when
> it matters. You're DBAs, there is no security measure that will stop
> you from obtaining private data from the databases you manage. Access
> to the log files is only a small part of that.
>

Of course, we could create login credentials and login configuration options
for every DBA colleague. But, as I said previously, the big problem is
*"PostgreSQL logs include the changed passwords in clear text, not encrypted"*

>
> --
> If you can't see the forest for the trees,
> Cut the trees and you'll see there is no forest.
>
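
An added example, not part of the original thread: the application can compute PostgreSQL's md5 password verifier itself and send only that in "ALTER USER", so the statement log never holds the clear-text password. It assumes a server using md5 password storage (as in 2011; newer servers default to SCRAM-SHA-256); the function names are hypothetical and the log lines are the statements from the excerpt above.

```python
import hashlib
import re

def pg_md5_verifier(role: str, password: str) -> str:
    """PostgreSQL md5 format: 'md5' + md5(password || role name as stored)."""
    digest = hashlib.md5((password + role).encode("utf-8")).hexdigest()
    return "md5" + digest

def alter_password_sql(role: str, password: str) -> str:
    """Build ALTER USER carrying only the verifier, never the password."""
    ident = '"' + role.replace('"', '""') + '"'  # quote role as an identifier
    return f"ALTER USER {ident} PASSWORD '{pg_md5_verifier(role, password)}';"

# Matches ALTER USER/ROLE ... PASSWORD '<value>' inside a logged statement.
_ALTER_PW = re.compile(
    r"alter\s+(?:user|role)\s+\S+\s+(?:with\s+)?"
    r"(?:(?:un)?encrypted\s+)?password\s+'([^']*)'",
    re.IGNORECASE,
)
_MD5_FORM = re.compile(r"md5[0-9a-f]{32}")

def logs_cleartext_password(log_line: str) -> bool:
    """True if the logged statement sets a password that is not pre-hashed."""
    m = _ALTER_PW.search(log_line)
    return bool(m) and not _MD5_FORM.fullmatch(m.group(1))

# Statements as they appear in the thread's server log excerpt.
SAMPLE_LOG = [
    "LOG:  statement: alter user mkoc password 'dummy';",
    "LOG:  statement: alter user mkoc with password 'dummy';",
]

def audit(lines):
    """Return the lines that expose a clear-text password."""
    return [ln for ln in lines if logs_cleartext_password(ln)]

if __name__ == "__main__":
    stmt = alter_password_sql("mkoc", "dummy")
    print(stmt)
    # The pre-hashed statement, once logged, is not flagged; the originals are.
    print(audit(SAMPLE_LOG + ["LOG:  statement: " + stmt]))
```

The logged verifier is still sensitive: under md5 authentication it is enough to authenticate as that role, so access to the log files should stay restricted.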
