Re: [ADMIN] Passwords in clear text in server log
From | Tom Lane |
---|---|
Subject | Re: [ADMIN] Passwords in clear text in server log |
Date | |
Msg-id | 13879.1507736256@sss.pgh.pa.us |
In reply to | Re: [ADMIN] Passwords in clear text in server log (Don Seiler <don@seiler.us>) |
Responses | Re: [ADMIN] Passwords in clear text in server log |
List | pgsql-admin |

Don Seiler <don@seiler.us> writes:
> On Wed, Oct 11, 2017 at 9:48 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> This is why psql has provisions for encrypting a new password on the
>> client side --- see \password.

> That's nice to have that option, but why even make it an option? If this
> is a dead horse that was finished being beaten years ago, my apologies.

Yes, people have complained about this before, but they're asking for
an impossibility, which is for necessarily-pretty-dumb logging code to
decide which parts of SQL commands somebody might think are sensitive.

I don't intend to spend much time arguing about this, because you can
find previous discussions in the PG archives if you're so inclined.
But I do remember one simple counterexample: if you fat-finger the
command syntax, say

    ALTER YSER joe PASSWORD 'notsosecret'

would you still expect the logging code to figure out that it should
suppress the password?

regards, tom lane
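
An added example, not part of the original message and not PostgreSQL or psql source code: it contrasts a hypothetical syntax-keyed log redactor, which misses the misspelt statement above, with building the password verifier on the client so that only the verifier can reach the server log. The redactor, the helper names and the sample log lines are constructed for illustration; the SCRAM helper assumes an ASCII password (no SASLprep normalization).

```python
import base64, hashlib, hmac, os, re

# Constructed sample log lines (not taken from a real server).
SAMPLE_OK = "LOG:  statement: ALTER USER joe PASSWORD 'notsosecret'"
SAMPLE_TYPO = "STATEMENT:  ALTER YSER joe PASSWORD 'notsosecret'"

# Hypothetical redactor: masks the literal only when the text looks like
# ALTER/CREATE USER|ROLE ... PASSWORD '...'.
_REDACT = re.compile(
    r"(?i)\b((?:ALTER|CREATE)\s+(?:USER|ROLE)\s+\S+.*?\bPASSWORD\s+)'(?:[^']|'')*'")

def naive_redact(log_line):
    return _REDACT.sub(r"\1'***'", log_line)

def md5_verifier(user, password):
    """PostgreSQL md5 format: 'md5' followed by md5(password + username)."""
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def scram_verifier(password, salt=None, iterations=4096):
    """SCRAM-SHA-256 verifier string as stored by PostgreSQL 10 and later."""
    salt = salt or os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return "SCRAM-SHA-256${}:{}${}:{}".format(
        iterations, b64(salt), b64(stored_key), b64(server_key))

def alter_role_sql(user, verifier):
    # The verifier alphabet contains no quote character; the role name is
    # quoted as an identifier with embedded double quotes doubled.
    return 'ALTER ROLE "{}" PASSWORD \'{}\''.format(user.replace('"', '""'), verifier)

if __name__ == "__main__":
    print(naive_redact(SAMPLE_OK))     # literal masked
    print(naive_redact(SAMPLE_TYPO))   # literal still present
    sql = alter_role_sql("joe", scram_verifier("notsosecret"))
    # Even if this statement is mistyped and logged as a syntax error,
    # the log holds only the verifier, never the cleartext.
    print(sql.replace("ROLE", "YSER", 1))
```

A logged verifier is still worth protecting, since it can be attacked offline, so access to server logs stays restricted either way.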