Home > mailing lists

Re: [ADMIN] Passwords in clear text in server log - Mailing list pgsql-admin

From	Tom Lane
Subject	Re: [ADMIN] Passwords in clear text in server log
Date	October 11, 2017 20:48:33
Msg-id	9072.1507733313@sss.pgh.pa.us Whole thread Raw
In response to	[ADMIN] Passwords in clear text in server log (Don Seiler <don@seiler.us>)
Responses	Re: [ADMIN] Passwords in clear text in server log (Don Seiler <don@seiler.us>)
List	pgsql-admin

Tree view

Don Seiler <don@seiler.us> writes:
> When I run a CREATE USER or ALTER USER statement and set a password for a
> user, that statement gets printed to the server log, along with the
> password, IN CLEAR TEXT.

This is why psql has provisions for encrypting a new password on the
client side --- see \password.

More generally, almost any SQL command might contain data that somebody
thinks is sensitive for some purpose or other.  If you're going to log
commands, it behooves you to make sure the log is not widely readable.
        regards, tom lane


-- 
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

pgsql-admin by date:

From: Don Seiler
Date: 11 October 2017, 20:30:50
Subject: [ADMIN] Passwords in clear text in server log

From: Don Seiler
Date: 11 October 2017, 21:22:31
Subject: Re: [ADMIN] Passwords in clear text in server log

Re: [ADMIN] Passwords in clear text in server log - Mailing list pgsql-admin

Previous

Next