Home > mailing lists

Re: Add a warning message when using unencrypted passwords - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Add a warning message when using unencrypted passwords
Date	February 4 22:59:43
Msg-id	649465.1738688383@sss.pgh.pa.us Whole thread Raw
In response to	Re: Add a warning message when using unencrypted passwords (Jelte Fennema-Nio <postgres@jeltef.nl>)
Responses	Re: Add a warning message when using unencrypted passwords
List	pgsql-hackers

Tree view

Guillaume Lelarge <guillaume.lelarge@dalibo.com> writes:
> v2 is attached.

This seems pretty much entirely useless to me.  The password
has already been leaked to the log (*and* the network, if
session is unencrypted), so what's the point of a warning?
And as already noted, this ignores several other hazards of
the same sort, so it's more likely to create a false sense of
security than anything else.

(In addition to the points noted, what of event triggers?
Or ~/.psql_history?)

            regards, tom lane

pgsql-hackers by date:

From: Daniel Gustafsson
Date: 04 February, 22:51:28
Subject: Re: add missing PQfinish() calls to vacuumdb

From: Matthias van de Meent
Date: 04 February, 23:15:08
Subject: Re: RFC: Packing the buffer lookup table

Re: Add a warning message when using unencrypted passwords - Mailing list pgsql-hackers

Previous

Next