Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
> > Users who choose a password
> > should have the assurance that the password cannot be seen in
> > plain-text by anyone anywhere. In a PostgreSQL system, the password
> > can be seen in all kinds of places, like the psql history, the server
> > log, the activity displays, and who knows where else.
>
> As I said already, if the user wishes the password to be secure, he
> needs to encrypt it on the client side. Anything else is just the
> illusion of security.
Should we document this?
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073