change-pw-v001-02.patch
text/x-patch
Filename: change-pw-v001-02.patch
Type: text/x-patch
Part: 1
Message:
Re: Password leakage avoidance
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
Series: patch v1
| File | + | − |
|---|---|---|
| src/bin/psql/command.c | 0 | 0 |
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 82cc091..81402e0 100644
*** a/src/bin/psql/command.c
--- b/src/bin/psql/command.c
*************** exec_command_password(PsqlScanState scan
*** 2158,2186 ****
}
else
{
! char *encrypted_password;
!
! encrypted_password = PQencryptPasswordConn(pset.db, pw1, user, NULL);
! if (!encrypted_password)
{
pg_log_info("%s", PQerrorMessage(pset.db));
success = false;
}
- else
- {
- PGresult *res;
! printfPQExpBuffer(&buf, "ALTER USER %s PASSWORD ",
! fmtId(user));
! appendStringLiteralConn(&buf, encrypted_password, pset.db);
! res = PSQLexec(buf.data);
! if (!res)
! success = false;
! else
! PQclear(res);
! PQfreemem(encrypted_password);
! }
}
free(user);
--- 2158,2172 ----
}
else
{
! PGresult *res = PQchangePassword(pset.db, user, pw1);
! if (PQresultStatus(res) != PGRES_COMMAND_OK)
{
pg_log_info("%s", PQerrorMessage(pset.db));
success = false;
}
! PQclear(res);
}
free(user);