From: | Sami Imseih <samimseih(at)gmail(dot)com> |
---|---|
To: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Matheus Alcantara <matheusssilv97(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Redact user password on pg_stat_statements |
Date: | 2025-02-25 15:12:03 |
Message-ID: | CAA5RZ0uFdOeAOJaSsGym5bk3mxQMKk=RLpkTbwNbTbkC29cVKw@mail.gmail.com |
Lists: | pgsql-hackers |

> What about a more general solution, such as a flag to turn off logging of ALTER ROLE statements completely?

IMO, flags for a specific type of utility statement seem way too much
for pg_stat_statements, and this will also not completely prevent leaking
plain text passwords from all ways that CREATE/ALTER ROLE could be
run, i.e. DO blocks, inside functions/procs with track=all.

The clients that set passwords could simply turn off track_utility
on a user/transaction level while they are performing the action with
sensitive data.

--
Sami
Amazon Web Services (AWS)
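
The workaround suggested in the message above, written out as an added example (not code from the thread or from the PostgreSQL project). It assumes pg_stat_statements is loaded, that the session is a superuser or has been granted SET on the parameter (PostgreSQL 15+), and the role names and password are constructed placeholders.

```sql
-- Added example; app_user, provisioner and the password are constructed placeholders.

-- Transaction level: SET LOCAL lasts only until COMMIT/ROLLBACK, so utility
-- tracking is off just for the statement that carries the password.
BEGIN;
SET LOCAL pg_stat_statements.track_utility = off;
ALTER ROLE app_user PASSWORD 'constructed-placeholder';
COMMIT;

-- User level: every new session of the role that provisions passwords
-- starts with utility tracking disabled.
ALTER ROLE provisioner SET pg_stat_statements.track_utility = off;

-- Optional, PostgreSQL 15+: let a non-superuser role change the setting itself.
GRANT SET ON PARAMETER pg_stat_statements.track_utility TO provisioner;

-- Check afterwards (needs superuser or pg_read_all_stats to see other users'
-- query text): no stored statement should mention a password.
SELECT userid::regrole AS role, query
FROM pg_stat_statements
WHERE query ILIKE '%password%';
```

This only affects pg_stat_statements; server log settings such as log_statement are configured separately.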