Re: [ADMIN] Passwords in clear text in server log

Scott, Don, all,

* Scott Marlowe (scott.marlowe@gmail.com) wrote:
> FYI our standard hack here is to run
>
> set log_statement='none';
> alter user ...

That's pretty terrible, frankly.

> I do agree it would be nice to have postgres stamp out the password
> field with *** when logging though

The right approach is to use SCRAM and the exported libpq functions for
generating a proper verifier that is then passed to ALTER USER, just
like \password does in psql.

Of course, SCRAM is only in v10.  The old md5 method has other issues
beyond this.  Better than all of the above is to use either Kerberos or
client-side certificates.

Thanks!

Stephen