Re: pg_stat_statements showing passwords while create or alter users.

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: chandu_munnu(at)yahoo(dot)com, pgsql-docs(at)lists(dot)postgresql(dot)org
Subject: Re: pg_stat_statements showing passwords while create or alter users.
Date: 2020-04-17 07:01:12
Message-ID: b9d9738794d77406fc3abe601658970381c67057.camel@cybertec.at
Lists: pgsql-docs

On Fri, 2020-04-17 at 02:01 +0000, PG Doc comments form wrote:
> pg_stat_statements is recording passwords also, is there any way to avoid
> the logging of passwords without dropping extension package.
> testdb=> create user test1 with password 'test123';
> CREATE ROLE
> testdb=> create user test2 with encrypted password 'test123';
> CREATE ROLE
> test=> select query from pg_stat_statements where query like '%test%';
> query
> -----------------------------------------------------------
> create user test1 with encrypted password 'test123'
> create user test2 with password 'test123'

There is no way to obfuscate such passwords.
Note that these statements will also show up in the server log
if you set "log_statement = 'ddl'".

For these reasons it is recommended to never set your password like
this, but always hash it on the client side first.

Most interactive clients have a way to do that, like psql's "\password".

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
