Re: Log of CREATE USER statement

Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
> > Users who choose a password 
> > should have the assurance that the password cannot be seen in 
> > plain-text by anyone anywhere.  In a PostgreSQL system, the password 
> > can be seen in all kinds of places, like the psql history, the server 
> > log, the activity displays, and who knows where else.
> 
> As I said already, if the user wishes the password to be secure, he
> needs to encrypt it on the client side.  Anything else is just the
> illusion of security.

Should we document this?

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073