| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Don Seiler <don(at)seiler(dot)us> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Passwords in clear text in server log |
| Date: | 2017-10-11 15:37:36 |
| Message-ID: | 13879.1507736256@sss.pgh.pa.us |
| Lists: | pgsql-admin |
Don Seiler <don(at)seiler(dot)us> writes:
> On Wed, Oct 11, 2017 at 9:48 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> This is why psql has provisions for encrypting a new password on the
>> client side --- see \password.
> That's nice to have that option, but why even make it an option? If this
> is a dead horse that was finished being beaten years ago, my apologies.
Yes, people have complained about this before, but they're asking for
an impossibility, which is for necessarily-pretty-dumb logging code
to decide which parts of SQL commands somebody might think are sensitive.
I don't intend to spend much time arguing about this, because you can find
previous discussions in the PG archives if you're so inclined. But I do
remember one simple counterexample: if you fat-finger the command syntax,
say
ALTER YSER joe PASSWORD 'notsosecret'
would you still expect the logging code to figure out that it should
suppress the password?
regards, tom lane
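The mitigation Tom points at is client-side hashing: psql's \password sends the server an already-hashed verifier, so whatever the server logs (log_statement, or a failed statement under log_min_error_statement) never contains the clear-text password. The following is an added example, not code from this thread or from the PostgreSQL project, that reproduces the md5 verifier format PostgreSQL accepts ('md5' followed by the hex md5 of password concatenated with the role name) and contrasts the statement text that would reach the log with and without client-side hashing. The simulated log line, the role name "joe" and the password are constructed for the demonstration; on PostgreSQL 10 and later psql may instead emit a SCRAM-SHA-256 verifier depending on password_encryption, which this example does not implement.

```python
import hashlib


def pg_md5_password(username: str, password: str) -> str:
    """PostgreSQL md5 verifier: 'md5' || hex(md5(password || username)).

    The role name acts as the salt, so the same password yields a
    different verifier for each role. PostgreSQL stores a literal of this
    form as-is instead of hashing it again.
    """
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    """Quote an SQL identifier the way psql does (double internal quotes)."""
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Quote an SQL string literal (double internal single quotes)."""
    return "'" + value.replace("'", "''") + "'"


def alter_user_sql(username: str, password: str, hash_client_side: bool = True) -> str:
    """Build the ALTER USER statement a client would send.

    hash_client_side=True mirrors what \\password does: the literal that
    travels to the server (and into its log) is the verifier, not the
    password. False mirrors a hand-typed ALTER USER ... PASSWORD 'clear'.
    """
    secret = pg_md5_password(username, password) if hash_client_side else password
    return f"ALTER USER {quote_ident(username)} PASSWORD {quote_literal(secret)};"


def simulated_log_line(sql: str) -> str:
    """Constructed stand-in for a log_statement = 'all' entry.

    The server writes the statement text verbatim; it has no notion of
    which literal inside it is a password, which is the point of the
    thread above.
    """
    return "LOG:  statement: " + sql


def password_leaks(username: str, password: str, hash_client_side: bool) -> bool:
    """True if the clear-text password would appear in the simulated log."""
    line = simulated_log_line(alter_user_sql(username, password, hash_client_side))
    return password in line


if __name__ == "__main__":
    # Constructed demonstration values.
    user, pw = "joe", "notsosecret"
    print(simulated_log_line(alter_user_sql(user, pw, hash_client_side=False)))
    print(simulated_log_line(alter_user_sql(user, pw, hash_client_side=True)))
    print("leaks without client-side hashing:", password_leaks(user, pw, False))
    print("leaks with client-side hashing:   ", password_leaks(user, pw, True))
```

The hashed form also covers Tom's counterexample: if the client fat-fingers the verb, the server still logs the failing statement verbatim, but the literal in it is already a verifier rather than the password. The md5 scheme is shown because it is deterministic and easy to check; SCRAM-SHA-256 verifiers are salted per role with a random salt and should be preferred where the server supports them.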
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Don Seiler | 2017-10-11 15:37:59 | Re: Passwords in clear text in server log |
| Previous Message | Scott Marlowe | 2017-10-11 15:33:41 | Re: Passwords in clear text in server log |