On 10/29/14, 2:33 PM, Tom Lane wrote:
> Capture the postmaster log. Keep on capturing it till somebody
> fat-fingers their login to the extent of swapping the username and
> password (yeah, I've done that, haven't you?).
Which begs the question: why on earth do we log passwords at all? This is a problem for ALTER ROLE too.
Perhaps it would make sense if we had a dedicated security log this stuff went into, but if you're running something
likepgBadger/pgFouine you're going to be copying logfiles off somewhere else and now you've got a security problem.
Let alone if you're using syslog...
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com