Home > mailing lists

Re: Redact user password on pg_stat_statements - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Redact user password on pg_stat_statements
Date	February 24 19:04:36
Msg-id	9e4975ae-6c51-4307-a273-16fe5c033b15@eisentraut.org Whole thread Raw
In response to	Re: Redact user password on pg_stat_statements (Andrew Dunstan <andrew@dunslane.net>)
List	pgsql-hackers

Tree view

On 21.02.25 17:38, Andrew Dunstan wrote:
> I don't think this is such a terrible kluge. I think it's different from 
> the server log case, which after all requires access to the server file 
> system to exploit.

To me, the mechanism by which this patch works is completely nonobvious 
and coincidental, and it might get broken by unrelated changes.

I think a possible, more robust approach would be to put a field, say, 
security_sensitive into DefElem (or maybe a higher node, maybe even 
Query), and drive decisions from that.

pgsql-hackers by date:

From: Andres Freund
Date: 24 February, 18:50:21
Subject: Re: GetRelationPath() vs critical sections

From: Andrew Jackson
Date: 24 February, 19:07:33
Subject: Re: Add Option To Check All Addresses For Matching target_session_attr

Re: Redact user password on pg_stat_statements - Mailing list pgsql-hackers

Previous

Next