Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.
Дата
Msg-id 20200519070257.GF11835@paquier.xyz
обсуждение исходный текст
Ответ на Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.  (Oleksandr Shulgin <oleksandr.shulgin@zalando.de>)
Список pgsql-bugs
Дерево обсуждения 
On Tue, May 19, 2020 at 08:22:09AM +0200, Oleksandr Shulgin wrote:
> I think it's worth noting that using psql's \password command still results
> in an ALTER USER being sent to the server, and thus ending up in the logs.
> The difference is that the logged password is already encrypted:
>
> postgres=# \set ECHO_HIDDEN
> postgres=# \password t
> Enter new password:
> Enter it again:
> ********* QUERY **********
> ALTER USER t PASSWORD 'md5cf853b7f00ed64ef120b3f6af0d073c2'
> **************************

Even with that, please also remember that for a md5-hashed password,
having the MD5 hash is enough to be able to log into the server.
That's not the case with SCRAM...
--
Michael
Вложения

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Oleksandr Shulgin
Дата:
Сообщение: Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.
Следующее
От: wenjing zeng
Дата:
Сообщение: Re: [bug] Table not have typarray when created by single user mode