class PG::Connection
def encrypt_password( password, username, algorithm=nil )
Available since PostgreSQL-10.
The caller can assume the string doesn't contain any special characters that would require escaping.
Return value is the encrypted password.
If you wish to use the default algorithm for the server but want to avoid blocking, query +password_encryption+ yourself before calling #encrypt_password, and pass that value as the algorithm.
That can block, and will fail if the current transaction is aborted, or if the connection is busy executing another query.
If algorithm is omitted or +nil+, this function will query the server for the current value of the +password_encryption+ setting.
Note that support for +scram-sha-256+ was introduced in PostgreSQL version 10, and will not work correctly with older server versions.
Currently supported algorithms are +md5+ and +scram-sha-256+ (+on+ and +off+ are also accepted as aliases for +md5+, for compatibility with older server versions).
+algorithm+ specifies the encryption algorithm to use to encrypt the password.
The +password+ and +username+ arguments are the cleartext password, and the SQL name of the user it is for.
Instead, use this function to convert the password to encrypted form before it is sent.
It is good practice not to send the original cleartext password in such a command, because it might be exposed in command logs, activity displays, and so on.
This function is intended to be used by client applications that wish to send commands like ALTER USER joe PASSWORD 'pwd'.
conn.encrypt_password( password, username, algorithm=nil ) -> String
call-seq:
def encrypt_password( password, username, algorithm=nil ) algorithm ||= exec("SHOW password_encryption").getvalue(0,0) sync_encrypt_password(password, username, algorithm) end