> Basically it echoes the failed password back to the user. Again, this
> is only with client_min_messages set to debug1-5. I don't know how to
> fix this because we specifically set things up so the client could see
> everything the server logs see. I wonder if echoing the failed password
> into the logs is a good idea either. I don't think so.
Crypt/MD5 authentication does output the password encrypted:

DEBUG: received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780
DEBUG: received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780
psql: FATAL: Password authentication failed for user "postgres"

However, I still don't think we should be echoing this to the server
logs or the client. There is just little value to it and potential
problems, especially with 'password' authentication.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
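
A scrubber for logs that already contain the debug line quoted in the message above, as an added example that is not part of the original post or of PostgreSQL's code: it redacts the `pw=` value and reports whether each hit was an md5-prefixed digest or a value that would be cleartext under 'password' authentication. The function names and the second sample line are constructed for illustration.

```python
import re

# Debug line format quoted in the message above. pw= is the last field,
# so capture to end of line (a cleartext password may contain spaces).
PW_PACKET = re.compile(r"(received password packet with len=\d+, pw=)(.*)")
MD5_FORM = re.compile(r"md5[0-9a-f]{32}")

# Lines 1 and 3 are copied from the message; line 2 is constructed.
SAMPLE = [
    "DEBUG: received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780",
    "DEBUG: received password packet with len=21, pw=constructed pass",
    'psql: FATAL: Password authentication failed for user "postgres"',
]


def classify(value):
    """Return 'md5-hash' for an md5-prefixed digest, otherwise 'cleartext'."""
    return "md5-hash" if MD5_FORM.fullmatch(value) else "cleartext"


def scrub(lines):
    """Redact pw= values.

    Returns (clean_lines, findings), where findings is a list of
    (line_number, kind) tuples for every line that carried a password.
    """
    clean, findings = [], []
    for number, line in enumerate(lines, 1):
        match = PW_PACKET.search(line)
        if match:
            findings.append((number, classify(match.group(2))))
            # Keep the prefix (including len=) and drop the secret itself.
            line = line[:match.end(1)] + "[REDACTED]"
        clean.append(line)
    return clean, findings


if __name__ == "__main__":
    cleaned, hits = scrub(SAMPLE)
    for entry in cleaned:
        print(entry)
    for number, kind in hits:
        print(f"line {number}: password material logged ({kind})")
```
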