Commands like CREATE USER foo PASSWORD 'bar' transmit the password in cleartext and possibly save the password in various client or server log files. I have just fixed this for psql and createuser to encrypt the password on the client side. A quick check of the pgadmin3 source code shows that you are also affected by this issue. I ask you to check where you paste cleartext passwords into SQL commands and change those to encrypt the password before sending or storing it anywhere. The required function pg_md5_encrypt() is contained in libpq.
-- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
