Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Client-side password encryption
- From: Peter Eisentraut <peter_e(at)gmx(dot)net>
- To: pgadmin-hackers(at)postgresql(dot)org
- Subject: Client-side password encryption
- Date: Sun, 18 Dec 2005 03:25:24 +0100
Commands like CREATE USER foo PASSWORD 'bar' transmit the password in cleartext and possibly save the password in various client or server log files. I have just fixed this for psql and createuser to encrypt the password on the client side. A quick check of the pgadmin3 source code shows that you are also affected by this issue. I ask you to check where you paste cleartext passwords into SQL commands and change those to encrypt the password before sending or storing it anywhere. The required function pg_md5_encrypt() is contained in libpq. -- Peter Eisentraut http://developer.postgresql.org/~petere/
- Prev by Date: Re: [pgadmin-support] PgAdmin3 1.4.1 on Mac OSX 1.4.1 is
- Next by Date: Re: Client-side password encryption
- Previous by thread: Re: [pgadmin-support] PgAdmin3 1.4.1 on Mac OSX 1.4.1 is
- Next by thread: Re: Client-side password encryption
- Indexes: