The officially sanctioned function for this is now PQencryptPassword() in 
libpq.  Please consider using it when available.

I wrote:
> Commands like CREATE USER foo PASSWORD 'bar' transmit the password in
> cleartext and possibly save the password in various client or server
> log files.  I have just fixed this for psql and createuser to encrypt
> the password on the client side.  A quick check of the pgadmin3 source
> code shows that you are also affected by this issue.  I ask you to
> check where you paste cleartext passwords into SQL commands and change
> those to encrypt the password before sending or storing it anywhere.
> The required function pg_md5_encrypt() is contained in libpq.

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

Reply via email to