Re: SET SESSION AUTHORIZATION superuser limitation.

From: Dmitry Igrishin
Subject: Re: SET SESSION AUTHORIZATION superuser limitation.
Msg-id: CAAfz9KP1_7yTH9Ojeu0hfE2BqYZ7QtY2bnvfjt1Gc3ctUaqroQ@mail.gmail.com
In reply to: Re: SET SESSION AUTHORIZATION superuser limitation.  (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-hackers


2015-12-21 17:57 GMT+03:00 Tom Lane <tgl@sss.pgh.pa.us>:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> The syntax you propose exposes the user's password in cleartext in
>>> the command, where it is likely to get captured in logs for example.
>>> That's not going to do.
>
>> Of course, right now, the ALTER USER ... PASSWORD command has that
>> problem which is, uh, bad.
>
> Which is why we invented the ENCRYPTED PASSWORD syntax, as well as
> psql's \password command ... but using that approach for actual
> login to an account would be a security fail as well.

The connection should be secured somehow (SSL/SSH...) to prevent password
theft. On the other hand, the logging system should not log details of commands
like ALTER USER ...
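
An added example, not part of the original thread and not PostgreSQL code: a Python check that scans logged statements for `ALTER`/`CREATE USER|ROLE ... PASSWORD '...'`, tells a pre-hashed literal (the kind the ENCRYPTED PASSWORD syntax and psql's `\password` are meant to send) from a cleartext one, and redacts the cleartext. The function names, the `LOG:  statement:` sample lines, the role name and the passwords are constructed for illustration; the SCRAM-SHA-256 prefix belongs to PostgreSQL releases later than this thread.

```python
import hashlib
import re

# Matches CREATE/ALTER USER|ROLE ... PASSWORD '<literal>' in a logged statement.
# A doubled '' inside the literal is an escaped quote in a standard SQL string.
PASSWORD_STMT = re.compile(
    r"\b(?:ALTER|CREATE)\s+(?:USER|ROLE)\b.*?\bPASSWORD\s+'((?:[^']|'')*)'",
    re.IGNORECASE | re.DOTALL,
)
# Already-hashed forms: legacy md5 ("md5" + 32 hex digits) and the
# SCRAM-SHA-256 verifier prefix used by later PostgreSQL releases.
HASHED = re.compile(r"^(?:md5[0-9a-f]{32}|SCRAM-SHA-256\$.+)$")


def pg_md5_password(password: str, username: str) -> str:
    """Legacy md5 form computed client-side: 'md5' || md5(password || username)."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def scan_line(line: str):
    """Return (finding, safe_line); finding is None, 'hashed' or 'cleartext'."""
    m = PASSWORD_STMT.search(line)
    if m is None:
        return None, line
    if HASHED.match(m.group(1)):
        return "hashed", line
    start, end = m.span(1)
    # Cleartext password literal: keep the statement shape, drop the secret.
    return "cleartext", line[:start] + "<redacted>" + line[end:]


# Constructed sample log lines (role name and passwords are made up).
SAMPLE_LOG = [
    "LOG:  statement: ALTER USER alice PASSWORD 'correct horse';",
    "LOG:  statement: ALTER USER alice ENCRYPTED PASSWORD '"
    + pg_md5_password("correct horse", "alice") + "';",
    "LOG:  statement: SELECT 1;",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding, safe = scan_line(entry)
        print(finding, "|", safe)
```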
