From b16566d77168540730d7ca26f8fe1832f15d450e Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Sun, 18 Dec 2005 02:17:16 +0000
Subject: Add new psql command \password for changing role password with
 client-side password encryption.  Also alter createuser command to the same
 effect.

---
 doc/src/sgml/ref/alter_role.sgml  | 12 +++++++++++-
 doc/src/sgml/ref/create_role.sgml | 14 +++++++++++++-
 doc/src/sgml/ref/psql-ref.sgml    | 15 ++++++++++++++-
 3 files changed, 38 insertions(+), 3 deletions(-)

(limited to 'doc/src')

diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml
index 7ebd8014f29..641c4ef377c 100644
--- a/doc/src/sgml/ref/alter_role.sgml
+++ b/doc/src/sgml/ref/alter_role.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/alter_role.sgml,v 1.2 2005/07/31 17:19:17 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/alter_role.sgml,v 1.3 2005/12/18 02:17:16 petere Exp $
 PostgreSQL documentation
 -->
 
@@ -182,6 +182,16 @@ ALTER ROLE <replaceable class="PARAMETER">name</replaceable> RESET <replaceable>
    to do that.
   </para>
 
+  <para>
+   Caution must be exercised when specifying an unencrypted password
+   with this command.  The password will be transmitted to the server
+   in cleartext, and it might also be logged in the client's command
+   history or the server log.  <xref linkend="app-psql"
+   endterm="app-psql-title"> contains a command
+   <command>\password</command> that can be used to safely change a
+   role's password.
+  </para>
+
   <para>
    It is also possible to tie a
    session default to a specific database rather than to a role; see
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 16cd16ef5ac..9af33ce2120 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/create_role.sgml,v 1.4 2005/11/03 00:51:43 neilc Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/create_role.sgml,v 1.5 2005/12/18 02:17:16 petere Exp $
 PostgreSQL documentation
 -->
 
@@ -357,6 +357,18 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
    connection <quote>slot</> remains for the role, it is possible that
    both will fail.  Also, the limit is never enforced for superusers.
   </para>
+
+  <para>
+   Caution must be exercised when specifying an unencrypted password
+   with this command.  The password will be transmitted to the server
+   in cleartext, and it might also be logged in the client's command
+   history or the server log.  The command <xref
+   linkend="APP-CREATEUSER" endterm="APP-CREATEUSER-title">, however, transmits
+   the password encrypted.  Also, <xref linkend="app-psql"
+   endterm="app-psql-title"> contains a command
+   <command>\password</command> that can be used to safely change the
+   password later.
+  </para>
  </refsect1>
 
  <refsect1>
diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml
index 3d6d0a1d7f7..c0c075f11e3 100644
--- a/doc/src/sgml/ref/psql-ref.sgml
+++ b/doc/src/sgml/ref/psql-ref.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/psql-ref.sgml,v 1.155 2005/12/09 19:19:17 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/psql-ref.sgml,v 1.156 2005/12/18 02:17:16 petere Exp $
 PostgreSQL documentation
 -->
 
@@ -1379,6 +1379,19 @@ lo_import 152801
       </varlistentry>
 
 
+      <varlistentry>
+        <term><literal>\password [ <replaceable class=parameter>username</replaceable> ]</literal>
+        <listitem>
+        <para>
+        Changes the password of the specified user or by default the
+        current user.  This command prompts for the new password,
+        encrypts it, and sends it to the server.  This makes sure that
+        the new password does not appear in the command history, the
+        server log, or elsewhere in cleartext.
+        </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><literal>\pset <replaceable class="parameter">parameter</replaceable> [ <replaceable class="parameter">value</replaceable> ]</literal></term>
 
-- 
cgit v1.2.3