Re: BUG #16079: Question Regarding the BUG #16064

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, k(dot)yudhveer(at)gmail(dot)com, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: BUG #16079: Question Regarding the BUG #16064
Date: 2020-12-21 00:58:26
Message-ID: 20201221005825.GQ16415@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-hackers

Greetings,

* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Fri, Nov 15, 2019 at 5:42 AM Thomas Munro <thomas(dot)munro(at)gmail(dot)com> wrote:
> > On Tue, Oct 29, 2019 at 4:48 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > > Uh, the user's credentials certainly are sent to the PG server.
> >
> > Perhaps we should log a warning when PostgreSQL has received a
> > password over the network without SSL. Perhaps we should log another
> > warning when PostgreSQL has sent a password over the network without
> > SSL.
>
> For the old plaintext "password" method, we log a warning when we parse the
> configuration file.
>
> Maybe we should do the same for LDAP (and RADIUS)? This seems like a better
> place to put it than to log it at every time it's received?

A dollar short and a year late, but ... +1.

Thanks,

Stephen

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Michael Paquier 2020-12-21 05:40:03 Re: CREATE INDEX CONCURRENTLY does not index prepared xact's data
Previous Message Andrey Borodin 2020-12-20 18:10:37 Re: CREATE INDEX CONCURRENTLY does not index prepared xact's data

Browse pgsql-hackers by date

  From Date Subject
Next Message Alastair Turner 2020-12-21 02:31:57 Re: Proposed patch for key managment
Previous Message Michael Paquier 2020-12-21 00:44:30 Re: Refactor routine to check for ASCII-only case