Обсуждение: \password in psql help

Поиск
Список
Период
Сортировка

\password in psql help

От
Magnus Hagander
Дата:
The \password command appears to be documented in the psql reference
page, but not included in the output of the \? command. Is there any
actual reason for that, or should I just apply the attached patch?
(which means I will apply it unless there are objections :-P)

//Magnus


Вложения

Re: \password in psql help

От
"Heikki Linnakangas"
Дата:
Magnus Hagander wrote:
> +     fprintf(output, _("  \\password [USERNAME]\n"
> +                  "                 securely change the password for a user\n"));

I would leave out the word "securely". Unless you want to provide
another command for changing it insecurely ;-). What does it mean, anyway?

--
   Heikki Linnakangas
   EnterpriseDB   http://www.enterprisedb.com

Re: \password in psql help

От
Alvaro Herrera
Дата:
Heikki Linnakangas wrote:
> Magnus Hagander wrote:
>> +     fprintf(output, _("  \\password [USERNAME]\n"
>> +                  "                 securely change the password for a user\n"));
>
> I would leave out the word "securely". Unless you want to provide
> another command for changing it insecurely ;-). What does it mean,
> anyway?

The point is that the password is encrypted on the client and
transmitted in md5 form.  If you were to use ALTER USER to change the
password, it could end up unencrypted in the server log.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

Re: \password in psql help

От
Magnus Hagander
Дата:
On Wed, 26 Mar 2008 10:43:48 -0300
Alvaro Herrera <alvherre@commandprompt.com> wrote:

> Heikki Linnakangas wrote:
> > Magnus Hagander wrote:
> >> +     fprintf(output, _("  \\password [USERNAME]\n"
> >> +                  "                 securely
> >> change the password for a user\n"));
> >
> > I would leave out the word "securely". Unless you want to provide
> > another command for changing it insecurely ;-). What does it mean,
> > anyway?
>
> The point is that the password is encrypted on the client and
> transmitted in md5 form.  If you were to use ALTER USER to change the
> password, it could end up unencrypted in the server log.

That, and it will go over the network in plaintext. And it will go in
your .psql_history. \password closes all these.

//Magnus

Re: \password in psql help

От
Tom Lane
Дата:
Magnus Hagander <magnus@hagander.net> writes:
> The \password command appears to be documented in the psql reference
> page, but not included in the output of the \? command. Is there any
> actual reason for that, or should I just apply the attached patch?

Presumably somebody forgot.

While you're at it, please fix the gratuitous non-alphabetical
ordering of the items in that list ...

            regards, tom lane

Re: \password in psql help

От
Magnus Hagander
Дата:
On Wed, 26 Mar 2008 10:44:43 -0400
Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Magnus Hagander <magnus@hagander.net> writes:
> > The \password command appears to be documented in the psql reference
> > page, but not included in the output of the \? command. Is there any
> > actual reason for that, or should I just apply the attached patch?
>
> Presumably somebody forgot.
>
> While you're at it, please fix the gratuitous non-alphabetical
> ordering of the items in that list ...

Yeah, I noticed that. Will fix.

Just to be sure - this is non-backpatch stuff, correct?

//Magnus

Re: \password in psql help

От
Tom Lane
Дата:
Magnus Hagander <magnus@hagander.net> writes:
>>> The \password command appears to be documented in the psql reference
>>> page, but not included in the output of the \? command. Is there any
>>> actual reason for that, or should I just apply the attached patch?

> Just to be sure - this is non-backpatch stuff, correct?

You could argue it either way, I think.  Lack of documentation is
a bug, but hardly a critical one.  Since you're adding a string it
would create new work for translators, but it still seems better
if the entry is there and untranslated than not there at all.

            regards, tom lane

Re: \password in psql help

От
Magnus Hagander
Дата:
On Wed, 26 Mar 2008 11:35:22 -0400
Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Magnus Hagander <magnus@hagander.net> writes:
> >>> The \password command appears to be documented in the psql
> >>> reference page, but not included in the output of the \? command.
> >>> Is there any actual reason for that, or should I just apply the
> >>> attached patch?
>
> > Just to be sure - this is non-backpatch stuff, correct?
>
> You could argue it either way, I think.  Lack of documentation is
> a bug, but hardly a critical one.  Since you're adding a string it
> would create new work for translators, but it still seems better
> if the entry is there and untranslated than not there at all.
>
Heh, that's only slightly clearer than what I had before I asked the
question ;-) But - will go ahead and backpatch then.

//Magnus