Home > mailing lists

Re: [ADMIN] Passwords in clear text in server log - Mailing list pgsql-admin

From	Alvaro Herrera
Subject	Re: [ADMIN] Passwords in clear text in server log
Date	October 12, 2017 01:43:23
Msg-id	20171011194323.s2alxtl3krdvj7hj@alvherre.pgsql Whole thread Raw
In response to	Re: [ADMIN] Passwords in clear text in server log (Don Seiler <don@seiler.us>)
Responses	Re: [ADMIN] Passwords in clear text in server log (Ervin Weber <webervin@gmail.com>)
List	pgsql-admin

Tree view

Don Seiler wrote:

> If you're going to log statements that fail to parse, then yes it will make
> it harder to close these loopholes. That's also new to me, coming from a
> different RDBMS world. It logs neither bad (failed to parse) SQL nor user
> passwords.

Actually, I do wonder why we log statements that fail to parse.  Surely
the client ought to know that it failed, but what is the value of
additionally storing the query in the server log?

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


-- 
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

pgsql-admin by date:

From: Don Seiler
Date: 11 October 2017, 22:25:49
Subject: Re: [ADMIN] Passwords in clear text in server log

From: Ervin Weber
Date: 12 October 2017, 01:46:44
Subject: Re: [ADMIN] Passwords in clear text in server log

Re: [ADMIN] Passwords in clear text in server log - Mailing list pgsql-admin

Previous

Next