Home > mailing lists

Changing Passwords as Encrypted not Clear-Text - Mailing list pgsql-general

From	MURAT KOÇ
Subject	Changing Passwords as Encrypted not Clear-Text
Date	December 19, 2011 12:01:46
Msg-id	CAA4y46zhEcrK=j=V-euQAERU4tk8TyyhhiQNSnPx2OvkSQF7QQ@mail.gmail.com Whole thread Raw
Responses	Re: Changing Passwords as Encrypted not Clear-Text Re: Changing Passwords as Encrypted not Clear-Text
List	pgsql-general

Tree view

Hi List,

When I try to change my db password like below SQL statement from psql or pgAdmin tool, it outputs to server logs as like this:

postgres=# alter user mkoc password 'dummy';
ALTER ROLE
postgres=# alter user mkoc with password 'dummy';
ALTER ROLE

### Server Logs ###

2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password 'dummy';
2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc with password 'dummy';

So, an OS user who can access to server log files can read DB users' clear-text passwords from these logs. In my opinion, this is a big security gap.

I don't want to see these changing password logs in clear-text. These logs must be encrypted passwords instead of clear-text like below:

Server Logs must be;
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password values 'XFADIT9248fDSKFD';

Is it possible to see changing passwords as encrypted? How should I change password or what is the correct sql statement to change user password?

Best Regards,

Murat KOC

pgsql-general by date:

From: Filip Rembiałkowski
Date: 19 December 2011, 11:36:47
Subject: Re: segfault with plproxy

From: Merlin Moncure
Date: 19 December 2011, 12:02:37
Subject: Re: Logical Aggregate Functions (eg ANY())

Changing Passwords as Encrypted not Clear-Text - Mailing list pgsql-general

Previous

Next