Re: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: abcxiaod(at)126(dot)com, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.
Date: 2020-05-18 09:45:13
Message-ID: CABUevEx6UKWkTftLbKROdwfc9iL-Z8gqcRQomwv_Uq4h9jEQ_Q@mail.gmail.com
Lists: pgsql-bugs

On Mon, May 18, 2020 at 11:41 AM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 16449
> Logged by: yi Ding
> Email address: abcxiaod(at)126(dot)com
> PostgreSQL version: 10.12
> Operating system: linux
> Description:
>
> 1. The log_statement is set to ALL
> 2. Execute statement: alter user t password 'adsf123asg';
> 3. Log file shows clear text password.
>

Yes, if you intentionally send the query in clear text, it will be logged
in clear text.

Just like with your report about creating user, it is clearly documented in
the ALTER ROLE documentation that if you don't want this, you should use
\password or a similar functionality, and not the cleartext ALTER USER.

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>