| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | "ferraresso(at)tin(dot)it" <ferraresso(at)tin(dot)it>, pgsql-novice(at)lists(dot)postgresql(dot)org |
| Subject: | Re: create subscription, connection string, password in log not hide |
| Date: | 2018-01-22 11:56:01 |
| Message-ID: | 1516622161.2334.5.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
ferraresso(at)tin(dot)it wrote:
> I am tring the use of Logical Replication with Postgres 10.1.
> But I found this problem:
> I went to see in the log file of the two system what is going on.
> I found in the log (C:\Program Files\PostgreSQL\10\data\log) of the subscriber the line of the command:
> "CREATE SUBSCRIPTION mysub CONNECTION 'dbname=foo host=bar user=repuser password=secret' PUBLICATION mypub;"
> Where I can see the connection string exactly as written with the password in clear.
> I try to use the password with md5 hash ('md5'+md5(user+password)) and othe combination of encrypted password, in a similar way I can do with "CREATE USER WITH ENCRYPTED ...".
> But it seemed to me that the only way is to use the password in clear.
> There is any way to avoid to log the password in clear manner?
You can run
BEGIN;
SET LOCAL log_statement='none';
SET LOCAL log__min_duration_statement=-1;
CREATE SUBSCRIPTION ...;
COMMIT;
to disable logging for the duration of a transaction.
Alternatively, you could allow "trust" authentication for replication
connections from one machine, then you don't have to send a password.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2018-01-22 18:51:50 | Re: R: Re: create subscription, connection string, password in log not hide |
| Previous Message | ferraresso@tin.it | 2018-01-22 08:45:44 | create subscription, connection string, password in log not hide |