Re: Roles with passwords; SET ROLE ... WITH PASSWORD ?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
Cc: PG-General Mailing List <pgsql-general(at)postgresql(dot)org>
Subject: Re: Roles with passwords; SET ROLE ... WITH PASSWORD ?
Date: 2009-12-02 16:47:00
Message-ID: 14801.1259772420@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> writes:
> On 2/12/2009 11:04 PM, Tom Lane wrote:
>> Seems like it would have all the standard problems with cleartext
>> passwords being exposed in pg_stat_activity, system logs, etc.

> Yeah, I was a bit concerned about that, but it can be worked around with
> careful use of parameterised queries (depending, admittedly, on client
> library/driver).

No, not really, because we don't support parameters in utility commands.
Even if we did, parameter values get logged, so the leak to the
postmaster log is still there.

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Israel Brewster 2009-12-02 17:12:00 Re: Build universal binary on Mac OS X 10.6?
Previous Message Daniel 2009-12-02 16:46:53 Cannot login, with C/C++ program