Hi Adrian,
I wrote a desktop application on Windows by using "Npgsql.dll". So, I send SQL statement to database from this application code. I can't use psql command line (I know "\password" command changes password encrypted text).
Because of this, I have to use "ALTER USER" statement from application code. Or what could you give another advice?
Best Regards
Murat KOC
2011/12/19 Adrian Klaver
<adrian.klaver@gmail.com>On Monday, December 19, 2011 5:01:28 am MURAT KOÇ wrote:
> Hi List,
>
> When I try to change my db password like below SQL statement from psql or
> pgAdmin tool, it outputs to server logs as like this:
>
> *postgres=# alter user mkoc password 'dummy';
> ALTER ROLE
> postgres=# alter user mkoc with password 'dummy';
> ALTER ROLE
> *
>
> *Server Logs must be;
> *2011-12-19 14:35:31
> EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter
> user mkoc password *values 'XFADIT9248fDSKFD';*
> **
> Is it possible to see changing passwords as encrypted? How should I change
> password or what is the correct sql statement to change user password?
http://www.postgresql.org/docs/9.0/interactive/sql-alterrole.html
"Caution must be exercised when specifying an unencrypted password with this
command. The password will be transmitted to the server in cleartext, and it
might also be logged in the client's command history or the server log. psql
contains a command \password that can be used to change a role's password
without exposing the cleartext password."
The above is incorrect in that encrypted passwords will also be sent as clear
text.
http://www.postgresql.org/docs/9.0/interactive/app-psql.html
"\password [ username ]
Changes the password of the specified user (by default, the current user).
This command prompts for the new password, encrypts it, and sends it to the
server as an ALTER ROLE command. This makes sure that the new password does not
appear in cleartext in the command history, the server log, or elsewhere.
"
>
> Best Regards,
> Murat KOC
--
Adrian Klaver
adrian.klaver@gmail.com