On Thu, 19 Feb 1998, Bruce Momjian wrote:
> >
> > The command
> > copy pg_user to stdout;
> >
> > will also show the cleartext password and I think it is hard to do a rewrite
> > here,
> > since this would also affect the pg_dump ?
>
> OK, I have committed code that removes the REVOKE from initdb, and does
> not allow them to do any adding or altering of users if there is a
> password involved AND the ACL for pg_user is null. It prints a nice
> message telling them they need to issue the REVOKE command so normal
> users can't read the passwords.
I put the REVOKE back in, with the appropriate rule rewrite...I've
tried it here and it works cleanly, and just masks out the passwd
entry...doesn't compensate for the 'copy' problem, but its better then
expecting the admin to go do the revoke on his own :(