The following bug has been logged on the website:
Bug reference: 16449
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 10.12
Operating system: linux
Description:
1. The log_statement is set to ALL
2. Execute statement: alter user t password 'adsf123asg';
3. Log file shows clear text password.
2020-05-18 10:32:11.606 CST,"postgres","postgres",16959,"[local]",5ec1f354.423f,3,"",2020-05-18 10:30:44 CST,14/26972,0,LOG,00000,"statement: alter user t password 'adsf123asg';",,,,,,,,"exec_simple_query, postgres.c:963","psql"
4. The query field of the pg_stat_statements table displays the clear text of the password.
postgres=# select * from pg_stat_statements where queryid = '2555618481';
-[ RECORD 1 ]-------+-----------------------------------
userid | 10
dbid | 12298
queryid | 2555618481
query | alter user t password 'adsf123asg'
calls | 2
total_time | 0.266986
min_time | 0.127103
max_time | 0.139883
mean_time | 0.133493
stddev_time | 0.00639000000000001
rows | 0
shared_blks_hit | 6
shared_blks_read | 0
shared_blks_dirtied | 2
shared_blks_written | 0
local_blks_hit | 0
local_blks_read | 0
local_blks_dirtied | 0
local_blks_written | 0
temp_blks_read | 0
temp_blks_written | 0
blk_read_time | 0
blk_write_time | 0
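
Added example, not part of the original report or of PostgreSQL: a Python scanner that finds csvlog records like the one in step 3 and masks the password literal before the log is shipped elsewhere. The sample records are constructed (modelled on the report's log line, with a made-up password), and `scan_csvlog`, `sample_row` and the column index are assumptions of this sketch.

```python
import csv
import io
import re

# CREATE/ALTER USER|ROLE <name> ... PASSWORD '<literal>' within one statement
# ('' escapes inside the literal are allowed).
PASSWORD_STMT = re.compile(
    r"\b(?:alter|create)\s+(?:user|role)\s+(\"[^\"]+\"|\w+)[^;]*?"
    r"\bpassword\s+'((?:[^']|'')*)'",
    re.IGNORECASE,
)
# Already-hashed verifiers (what psql's \password sends) are not cleartext.
HASHED = re.compile(r"^(?:md5[0-9a-f]{32}|SCRAM-SHA-256\$.+)$")
MESSAGE_COL = 13  # assumed 0-based position of the message field, as in the report's record


def scan_csvlog(text):
    """Return (findings, rows); rows have cleartext password literals masked."""
    findings, rows = [], []
    for row in csv.reader(io.StringIO(text)):
        if len(row) > MESSAGE_COL:
            msg = row[MESSAGE_COL]
            m = PASSWORD_STMT.search(msg)
            if m and not HASHED.match(m.group(2)):
                findings.append({"time": row[0], "login": row[1], "role": m.group(1)})
                row[MESSAGE_COL] = msg[:m.start(2)] + "<redacted>" + msg[m.end(2):]
        rows.append(row)
    return findings, rows


def sample_row(stmt):
    """Build one constructed csvlog record carrying the given statement."""
    return ('2020-05-18 10:32:11.606 CST,"postgres","postgres",16959,"[local]",'
            '5ec1f354.423f,3,"",2020-05-18 10:30:44 CST,14/26972,0,LOG,00000,'
            f'"statement: {stmt}",,,,,,,,"exec_simple_query, postgres.c:963","psql"\n')


# Constructed input: cleartext password, pre-hashed password, unrelated query.
SAMPLE = (sample_row("alter user t password 'example-pw';")
          + sample_row("alter user t password 'md5" + "0123456789abcdef" * 2 + "';")
          + sample_row("select 1;"))

if __name__ == "__main__":
    hits, cleaned = scan_csvlog(SAMPLE)
    for hit in hits:
        print("cleartext password logged:", hit)
    print(cleaned[0][MESSAGE_COL])
```

The same pattern can be applied to the `query` column of pg_stat_statements shown in step 4; it only catches plain quoted literals, not `E'...'` or dollar-quoted strings.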