Re: [pgadmin-hackers] Client-side password encryption
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: pgsql-hackers@postgresql.org
Date: 2005-12-23T01:21:54Z
Lists: pgsql-hackers
I wrote:
> I had forgotten that the Windows build is broken. I'll see what I can
> do with throwing together the cleaner-API function.
Done, but I noticed that the change to createuser has arguably broken
it; at least we need to change the docs. To wit, the docs say
-E
--encrypted
Encrypts the user's password stored in the database. If not
specified, the default password behavior is used.
-N
--unencrypted
Does not encrypt the user's password stored in the database. If not
specified, the default password behavior is used.
As currently coded, however, the behavior when neither switch is given
is to force the password to be encrypted --- the database's
password_encryption setting is overridden.
I'm not sure we can do much about this --- certainly we don't want the
default behavior of createuser to still be to send an unencrypted
password. But if we leave the code as-is the docs need a change.
regards, tom lane