Home > mailing lists

Re: Log of CREATE USER statement - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Log of CREATE USER statement
Date	December 9, 2005 17:37:46
Msg-id	200512091937.39147.peter_e@gmx.net Whole thread Raw
In response to	Re: Log of CREATE USER statement (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> To put that more clearly: if the point is to keep the user's
> cleartext password out of the hands of the DBA, then the user has
> already blown it by sending the password in cleartext in the first
> place.  An untrustworthy DBA could trivially insert code into CREATE
> USER to log the original password in a place of his choosing.

With SELinux or similar systems, it might be the case that the DBA could 
not change or insert any code but could configure and read the server 
logs.  But this is admittedly a rare case currently.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgsql-hackers by date:

From: Martijn van Oosterhout
Date: 09 December 2005, 17:28:27
Subject: Re: Upcoming PG re-releases

From: Peter Eisentraut
Date: 09 December 2005, 17:41:41
Subject: Re: Log of CREATE USER statement

Re: Log of CREATE USER statement - Mailing list pgsql-hackers

Previous

Next