Craig Ringer <craig@postnewspapers.com.au> writes:
> On 2/12/2009 11:04 PM, Tom Lane wrote:
>> Seems like it would have all the standard problems with cleartext
>> passwords being exposed in pg_stat_activity, system logs, etc.
> Yeah, I was a bit concerned about that, but it can be worked around with
> careful use of parameterised queries (depending, admittedly, on client
> library/driver).
No, not really, because we don't support parameters in utility commands.
Even if we did, parameter values get logged, so the leak to the
postmaster log is still there.
regards, tom lane