Tom Lane wrote: > Peter Eisentraut <[EMAIL PROTECTED]> writes: > > Users who choose a password > > should have the assurance that the password cannot be seen in > > plain-text by anyone anywhere. In a PostgreSQL system, the password > > can be seen in all kinds of places, like the psql history, the server > > log, the activity displays, and who knows where else. > > As I said already, if the user wishes the password to be secure, he > needs to encrypt it on the client side. Anything else is just the > illusion of security.
Should we document this? -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org