Client-side password encryption

Home

Advocacy

Development

Documentation

Download

Screenshots

Support

Translation

Client-side password encryption

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgadmin-hackers(at)postgresql(dot)org
Subject: Client-side password encryption
Date: Sun, 18 Dec 2005 03:25:24 +0100

Commands like CREATE USER foo PASSWORD 'bar' transmit the password in 
cleartext and possibly save the password in various client or server 
log files.  I have just fixed this for psql and createuser to encrypt 
the password on the client side.  A quick check of the pgadmin3 source 
code shows that you are also affected by this issue.  I ask you to 
check where you paste cleartext passwords into SQL commands and change 
those to encrypt the password before sending or storing it anywhere.  
The required function pg_md5_encrypt() is contained in libpq.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

Prev by Date: Re: [pgadmin-support] PgAdmin3 1.4.1 on Mac OSX 1.4.1 is
Next by Date: Re: Client-side password encryption
Previous by thread: Re: [pgadmin-support] PgAdmin3 1.4.1 on Mac OSX 1.4.1 is
Next by thread: Re: Client-side password encryption
Indexes:
- Main
- Thread

Home | Main Index | Thread Index

top