Re: [ADMIN] Passwords in clear text in server log

Don Seiler <don@seiler.us> writes:
> When I run a CREATE USER or ALTER USER statement and set a password for a
> user, that statement gets printed to the server log, along with the
> password, IN CLEAR TEXT.

This is why psql has provisions for encrypting a new password on the
client side --- see \password.

More generally, almost any SQL command might contain data that somebody
thinks is sensitive for some purpose or other.  If you're going to log
commands, it behooves you to make sure the log is not widely readable.
        regards, tom lane


-- 
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin