Home > mailing lists

Re: pg_stat_statements: password in command is not obfuscated - Mailing list pgsql-general

From	Michael Paquier
Subject	Re: pg_stat_statements: password in command is not obfuscated
Date	March 25, 2018 15:15:10
Msg-id	20180325091510.GA3707@paquier.xyz Whole thread Raw
In response to	Re: pg_stat_statements: password in command is not obfuscated (David Rowley <david.rowley@2ndquadrant.com>)
List	pgsql-general

Tree view

On Sat, Mar 24, 2018 at 12:17:30PM +1300, David Rowley wrote:
> If it is, then it's not a bug in pg_stat_statements. log_statement =
> 'ddl' would have kept a record of the same thing.
>
> Perhaps the best fix would be a documentation improvement to mention
> the fact and that it's best not to use plain text passwords in
> CREATE/ALTER ROLE. Passwords can be md5 encrypted.

Yeah, this is bad practice.  That's one of the reasons why storage of
plain text passwords has been removed in Postgres 10 still they can be
passed via command, and also why PQencryptPasswordConn and
PQencryptPassword are useful.  Using psql's \password is a good habit to
have.
--
Michael

Attachment

signature.asc

pgsql-general by date:

From: Pavel Stehule
Date: 25 March 2018, 10:18:11
Subject: Re: Troubleshooting a segfault and instance crash

From: HORDER Phil
Date: 26 March 2018, 15:10:49
Subject: RE: Foreign Key locking / deadlock issue.... v2

Re: pg_stat_statements: password in command is not obfuscated - Mailing list pgsql-general

Attachment

Previous

Next