Re: Roles with passwords; SET ROLE ... WITH PASSWORD ? - Mailing list pgsql-general

From Tom Lane
Subject Re: Roles with passwords; SET ROLE ... WITH PASSWORD ?
Date
Msg-id 14801.1259772420@sss.pgh.pa.us
Whole thread Raw
In response to Re: Roles with passwords; SET ROLE ... WITH PASSWORD ?  (Craig Ringer <craig@postnewspapers.com.au>)
List pgsql-general
Craig Ringer <craig@postnewspapers.com.au> writes:
> On 2/12/2009 11:04 PM, Tom Lane wrote:
>> Seems like it would have all the standard problems with cleartext
>> passwords being exposed in pg_stat_activity, system logs, etc.

> Yeah, I was a bit concerned about that, but it can be worked around with
> careful use of parameterised queries (depending, admittedly, on client
> library/driver).

No, not really, because we don't support parameters in utility commands.
Even if we did, parameter values get logged, so the leak to the
postmaster log is still there.

            regards, tom lane

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Undefined subroutine &main::spi_prepare
Next
From: Israel Brewster
Date:
Subject: Re: Build universal binary on Mac OS X 10.6?