Greetings,
* Magnus Hagander (magnus@hagander.net) wrote:
> On Fri, Nov 15, 2019 at 5:42 AM Thomas Munro <thomas.munro@gmail.com> wrote:
> > On Tue, Oct 29, 2019 at 4:48 AM Stephen Frost <sfrost@snowman.net> wrote:
> > > Uh, the user's credentials certainly are sent to the PG server.
> >
> > Perhaps we should log a warning when PostgreSQL has received a
> > password over the network without SSL. Perhaps we should log another
> > warning when PostgreSQL has sent a password over the network without
> > SSL.
>
> For the old plaintext "password" method, we log a warning when we parse the
> configuration file.
>
> Maybe we should do the same for LDAP (and RADIUS)? This seems like a better
> place to put it than to log it at every time it's received?
A dollar short and a year late, but ... +1.
Thanks,
Stephen