Home > mailing lists

Re: redacting password in SQL statement in server log - Mailing list pgsql-hackers

From	Julien Rouhaud
Subject	Re: redacting password in SQL statement in server log
Date	July 24, 2022 14:44:49
Msg-id	20220724114449.qqjbwgmpcgn66yhy@jrouhaud Whole thread Raw
In response to	Re: redacting password in SQL statement in server log (Zhihong Yu <zyu@yugabyte.com>)
List	pgsql-hackers

Tree view

Hi,

On Sun, Jul 24, 2022 at 04:33:59AM -0700, Zhihong Yu wrote:
> I am thinking of adding `if not exists` to `CREATE ROLE` statement:
>
> CREATE ROLE trustworthy if not exists;
>
> In my previous example, if the user can issue the above command, there
> would be no SQL statement logged.

It's not because there might not be an error that the password wouldn't end up
in the logs (log_statement, log_min_duration_statement, typo in the
command...).
>
> Do you think it is worth adding `if not exists` clause ?

This has already been discussed and isn't wanted.  You can refer to the last
discussion about that at:
https://www.postgresql.org/message-id/flat/CAOxo6XJy5_fUT4uDo2251Z_9whzu0JJGbtDgZKqZtOT9KhOKiQ@mail.gmail.com

pgsql-hackers by date:

From: Zhihong Yu
Date: 24 July 2022, 14:33:59
Subject: Re: redacting password in SQL statement in server log

From: Alexander Korotkov
Date: 24 July 2022, 15:24:42
Subject: Re: Custom tuplesorts for extensions

Re: redacting password in SQL statement in server log - Mailing list pgsql-hackers

Previous

Next