Adrian Klaver <adrian.klaver@aklaver.com> writes:
> On 03/13/2017 08:52 AM, Tom Lane wrote:
>> If by "history" you're worried about the server-side statement log, this
>> is merest fantasy: the createuser program is not magic, it just constructs
>> and sends a CREATE USER command for you. You'd actually be more secure
>> using psql, where (if you're superuser) you could shut off log_statement
>> for your session first.
> There is a difference though:
> psql> CREATE USER:
> postgres-2017-03-13 09:03:27.147 PDT-0LOG: statement: create user
> dummy_user with login password '1234';
Well, what you're supposed to do is
postgres=# create user dummy_user;
postgres=# \password dummy_user
Enter new password:
Enter it again:
postgres=#
which will result in sending something like
ALTER USER dummy_user PASSWORD 'md5c5e9567bc40082671d02c654260e0e09'
You can additionally protect that by wrapping it into one transaction
(if you have a setup where the momentary existence of the role without a
password would be problematic) and/or shutting off logging beforehand.
regards, tom lane