| From: | Julien Rouhaud <rjuju123(at)gmail(dot)com> |
|---|---|
| To: | Zhihong Yu <zyu(at)yugabyte(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: redacting password in SQL statement in server log |
| Date: | 2022-07-24 11:44:49 |
| Message-ID: | 20220724114449.qqjbwgmpcgn66yhy@jrouhaud |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On Sun, Jul 24, 2022 at 04:33:59AM -0700, Zhihong Yu wrote:
> I am thinking of adding `if not exists` to `CREATE ROLE` statement:
>
> CREATE ROLE trustworthy if not exists;
>
> In my previous example, if the user can issue the above command, there
> would be no SQL statement logged.
It's not because there might not be an error that the password wouldn't end up
in the logs (log_statement, log_min_duration_statement, typo in the
command...).
>
> Do you think it is worth adding `if not exists` clause ?
This has already been discussed and isn't wanted. You can refer to the last
discussion about that at:
https://www.postgresql.org/message-id/flat/CAOxo6XJy5_fUT4uDo2251Z_9whzu0JJGbtDgZKqZtOT9KhOKiQ(at)mail(dot)gmail(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Korotkov | 2022-07-24 12:24:42 | Re: Custom tuplesorts for extensions |
| Previous Message | Zhihong Yu | 2022-07-24 11:33:59 | Re: redacting password in SQL statement in server log |