2015-12-21 17:57 GMT+03:00 Tom Lane <t...@sss.pgh.pa.us>:
> Robert Haas <robertmh...@gmail.com> writes: > > On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > >> The syntax you propose exposes the user's password in cleartext in > >> the command, where it is likely to get captured in logs for example. > >> That's not going to do. > > > Of course, right now, the ALTER USER ... PASSWORD command has that > > problem which is, uh, bad. > > Which is why we invented the ENCRYPTED PASSWORD syntax, as well as > psql's \password command ... but using that approach for actual > login to an account would be a security fail as well. > The connection should be secured somehow (SSL/SSH...) to prevent password thefts. On the other hand, the logging system should not log details of commands like ALTER USER ...