Peter Eisentraut wrote: > Tom Lane wrote: > > As I said already, if the user wishes the password to be secure, he > > needs to encrypt it on the client side. > > Maybe we should provide a backslash command in psql for secure password > entry, say, \password [username]. This would then ask for the password > through a somewhat secure, unlogged channel, encrypt it, and send an > ALTER ROLE command to the server.
I was thinking of something like: test=> \set passwd '\'md5' `md5 -q -s aaapostgres` '\'' test=> \echo :passwd 'md536840d6d769e9e4b5ee644f4b9a8ce7e' test=> ALTER USER postgres PASSWORD :passwd; ALTER ROLE What I have not figured out is how to easily prevent psql HISTORY from being saved. Also, ideally I would use: test=> \set pass '\'md5' `md5 -q -s aaa:USER` '\'' but I can't figure out how to do ':' expansion inside a backquote string: test=> \set pass `echo :USER` test=> \echo :pass :USER However, they might want to change a different user's password if they are the superuser, so maybe they should be required to type it out. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org