Обсуждение: pg_stat_statements: password in command is not obfuscated

Поиск
Список
Период
Сортировка

pg_stat_statements: password in command is not obfuscated

От
legrand legrand
Дата:
Hello,

It seems that passwords used in commands are not removed when caught by
pg_stat_statements
(they are not "normalized" being utility statements) 

exemple:
alter role tt with password '123';

select query from public.pg_stat_statements
where query like '%password%';

query
----------------------------------------
alter role tt with password '123';

Do you think its a bug ?

Regards
PAscal



--
Sent from: http://www.postgresql-archive.org/PostgreSQL-general-f1843780.html

Re: pg_stat_statements: password in command is not obfuscated

От
David Rowley
Дата:
On 24 March 2018 at 10:30, legrand legrand <legrand_legrand@hotmail.com> wrote:
> It seems that passwords used in commands are not removed when caught by
> pg_stat_statements
> (they are not "normalized" being utility statements)
>
> exemple:
> alter role tt with password '123';
>
> select query from public.pg_stat_statements
> where query like '%password%';
>
> query
> ----------------------------------------
> alter role tt with password '123';
>
> Do you think its a bug ?

If it is, then it's not a bug in pg_stat_statements. log_statement =
'ddl' would have kept a record of the same thing.

Perhaps the best fix would be a documentation improvement to mention
the fact and that it's best not to use plain text passwords in
CREATE/ALTER ROLE. Passwords can be md5 encrypted.

-- 
 David Rowley                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

Re: pg_stat_statements: password in command is not obfuscated

От
Michael Paquier
Дата:
On Sat, Mar 24, 2018 at 12:17:30PM +1300, David Rowley wrote:
> If it is, then it's not a bug in pg_stat_statements. log_statement =
> 'ddl' would have kept a record of the same thing.
>
> Perhaps the best fix would be a documentation improvement to mention
> the fact and that it's best not to use plain text passwords in
> CREATE/ALTER ROLE. Passwords can be md5 encrypted.

Yeah, this is bad practice.  That's one of the reasons why storage of
plain text passwords has been removed in Postgres 10 still they can be
passed via command, and also why PQencryptPasswordConn and
PQencryptPassword are useful.  Using psql's \password is a good habit to
have.
--
Michael
Вложения