Re: PATCH: warn about, and deprecate, clear text passwords

Robert Haas <robertmhaas@gmail.com> writes:
> I wonder if we could drum up some support for not including any
> version of the password (even encrypted) in the query string. For
> instance, let's say that to change your password you have to use the
> new CHANGE PASSWORD command which can only be used at top level (not
> inside PL code or whatever) and always takes a single parameter that
> must be supplied via the extended query protocol.

How would pg_dumpall cope with transferring passwords then?

I could see insisting that plain-text passwords be supplied only
that way.  But removing the ability to have encrypted passwords
in-line seems like a serious operational problem with little benefit.

            regards, tom lane