Thread: How to mask password when using ALTER USER syntax in psql.
Greetings, I am using versions 7.4 and 8.3.7. I have not discovered a way to obfuscate the password when changing it in psql with ALTER USER syntax. The password displays in clear text at the command line AND in the log file. Why is this? Or am I missing something obvious in the documentation? Thanks. Ken Banyas
The documentation for 8.3 states: ALTER USER is now an alias for ALTER ROLE. Under the entry for ALTER ROLE it says: Caution must be exercised when specifying an unencrypted password with this command. The password will be transmitted to the server in cleartext, and it might also be logged in the client's command history or the server log. psql contains a command \password that can be used to safely change a role's password. Kenneth Banyas wrote: > Greetings, > > I am using versions 7.4 and 8.3.7. > I have not discovered a way to obfuscate the password when changing it > in psql with ALTER USER syntax. > The password displays in clear text at the command line AND in the log file. > Why is this? > Or am I missing something obvious in the documentation? > Thanks. > > Ken Banyas > >
Lewis Kapell <lkapell@setonhome.org> writes:
> ... psql contains a command \password that can be used
> to safely change a role's password.
FWIW, all that's doing is pre-encrypting the password and sending
ALTER ROLE WITH ENCRYPTED PASSWORD '...';
regards, tom lane
Kenneth Banyas wrote: > Greetings, > > I am using versions 7.4 and 8.3.7. > I have not discovered a way to obfuscate the password when changing it > in psql with ALTER USER syntax. > The password displays in clear text at the command line AND in the log file. > Why is this? Perhaps you could try \password in psql. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support