Home > mailing lists

Re: SET SESSION AUTHORIZATION superuser limitation. - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: SET SESSION AUTHORIZATION superuser limitation.
Date	December 21, 2015 14:57:10
Msg-id	22190.1450709824@sss.pgh.pa.us Whole thread Raw
In response to	Re: SET SESSION AUTHORIZATION superuser limitation. (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: SET SESSION AUTHORIZATION superuser limitation. Re: SET SESSION AUTHORIZATION superuser limitation.
List	pgsql-hackers

Tree view

Robert Haas <robertmhaas@gmail.com> writes:
> On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> The syntax you propose exposes the user's password in cleartext in
>> the command, where it is likely to get captured in logs for example.
>> That's not going to do.

> Of course, right now, the ALTER USER ... PASSWORD command has that
> problem which is, uh, bad.

Which is why we invented the ENCRYPTED PASSWORD syntax, as well as
psql's \password command ... but using that approach for actual
login to an account would be a security fail as well.
        regards, tom lane

pgsql-hackers by date:

From: Simon Riggs
Date: 21 December 2015, 14:54:29
Subject: Avoiding pin scan during btree vacuum

From: Robert Haas
Date: 21 December 2015, 15:11:58
Subject: Re: custom function for converting human readable sizes to bytes

Re: SET SESSION AUTHORIZATION superuser limitation. - Mailing list pgsql-hackers

Previous

Next