On 03/13/2017 09:19 AM, Tom Lane wrote:
> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>> On 03/13/2017 08:52 AM, Tom Lane wrote:
>>> If by "history" you're worried about the server-side statement log, this
>>> is merest fantasy: the createuser program is not magic, it just constructs
>>> and sends a CREATE USER command for you. You'd actually be more secure
>>> using psql, where (if you're superuser) you could shut off log_statement
>>> for your session first.
>
>> There is a difference though:
>
>> psql> CREATE USER:
>
>> postgres-2017-03-13 09:03:27.147 PDT-0LOG: statement: create user
>> dummy_user with login password '1234';
>
> Well, what you're supposed to do is
>
> postgres=# create user dummy_user;
> postgres=# \password dummy_user
> Enter new password:
> Enter it again:
> postgres=#
>
> which will result in sending something like
>
> ALTER USER dummy_user PASSWORD 'md5c5e9567bc40082671d02c654260e0e09'
>
> You can additionally protect that by wrapping it into one transaction
> (if you have a setup where the momentary existence of the role without a
> password would be problematic) and/or shutting off logging beforehand.
Got it.
>
> regards, tom lane
>
--
Adrian Klaver
adrian.klaver@aklaver.com