Hi,
My answers are written under your comments.
Best Regards
Murat KOC
2011/12/19 Alban Hertroys <haramrae@xxxxxxxxx>
Problem is not secure connection to DB, problem is that PostgreSQL logs include changing passwords on clear-text not encrypted.
### Server Logs ###
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password 'dummy';
2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc with password 'dummy';
Of course, we could create login credentials, login configuration options for every DBA colleagues. But, as I said previous that big problem is "PostgreSQL logs include changing passwords on clear-text not encrypted"
On 19 December 2011 16:26, MURAT KOÇ <m.koc21@xxxxxxxxx> wrote:Apparently psql doesn't send a plain ALTER ROLE statement. It probably
> Hi Adrian,
>
> I wrote a desktop application on Windows by using "Npgsql.dll". So, I send
> SQL statement to database from this application code. I can't use psql
> command line (I know "\password" command changes password encrypted text).
>
> Because of this, I have to use "ALTER USER" statement from application code.
> Or what could you give another advice?
uses the binary protocol. Perhaps your application can do the same.
Although my application uses the binary protocol, it has to send "ALTER USER " statement to PostgreSQL Database to change DB user password.
Alternatively, you can secure your (apparently insecure) connection to
the DB using SSL or an ssh tunnel or somesuch.
Problem is not secure connection to DB, problem is that PostgreSQL logs include changing passwords on clear-text not encrypted.
### Server Logs ###
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password 'dummy';
2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc with password 'dummy';
That said, if you are having issues with a fellow DBA, you should
create a policy that you don't use each others' login credentials when
it matters. You're DBA's, there is no security measure that will stop
you from obtaining private data from the databases you manage. Access
to the log files is only a small part of that.
Of course, we could create login credentials, login configuration options for every DBA colleagues. But, as I said previous that big problem is "PostgreSQL logs include changing passwords on clear-text not encrypted"
--
If you can't see the forest for the trees,
Cut the trees and you'll see there is no forest.
