Re: BUG #16451: .psql_history file shows clear text password.

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: BUG #16451: .psql_history file shows clear text password.
Дата
Msg-id CABUevEx=WWP3aZzpe1JJ4bRegfoo3+5N2_KFEZOPAG8sOo=mFw@mail.gmail.com
обсуждение исходный текст
Ответ на BUG #16451: .psql_history file shows clear text password.  (PG Bug reporting form <noreply@postgresql.org>)
Список pgsql-bugs
Дерево обсуждения


On Mon, May 18, 2020 at 11:42 AM PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      16451
Logged by:          yi Ding
Email address:      abcxiaod@126.com
PostgreSQL version: 10.12
Operating system:   linux
Description:       

bash-4.2# cat /home/postgres/.psql_history |grep password
alter user t password 'adsf123asg';

Yes, if you intentionally send the query in clear text, it will be logged in clear text.

Just like with your report about creating user, it is clearly documented in the ALTER ROLE  documentation that if you don't want this, you should use \password or a similar functionality, and not the cleartext ALTER USER. 

You can also turn off command line history in psql if you want, by running it with -n.

--

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Magnus Hagander
Дата:
Сообщение: Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.
Следующее
От: Magnus Hagander
Дата:
Сообщение: Re: BUG #16450: Recovery.conf file shows clear text password.