Re: Redact user password on pg_stat_statements - Mailing list pgsql-hackers

From Sami Imseih
Subject Re: Redact user password on pg_stat_statements
Date
Msg-id CAA5RZ0uFdOeAOJaSsGym5bk3mxQMKk=RLpkTbwNbTbkC29cVKw@mail.gmail.com
In response to Re: Redact user password on pg_stat_statements  (Greg Sabino Mullane <htamfids@gmail.com>)
Responses Re: Redact user password on pg_stat_statements
Re: Redact user password on pg_stat_statements
List pgsql-hackers
> What about a more general solution, such as a flag to turn off logging of ALTER ROLE statements completely?

IMO, flags for a specific type of utility statement seem way too much
for pg_stat_statements, and this will also not completely prevent leaking
plain text passwords from all ways that CREATE/ALTER ROLE could be
run, i.e. DO blocks, inside functions/procs with track=all.

The clients that set passwords could simply turn off track_utility
on a user/transaction level while they are performing the action with
sensitive data.

--
Sami
Amazon Web Services (AWS)
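
The workaround suggested in this message, written out as an added example that is not part of the original e-mail: `pg_stat_statements.track_utility` is switched off for one transaction and then for one role. The role names and the password are constructed placeholders, and the session is assumed to be allowed to set the parameter (superuser, or on PostgreSQL 15 and later a role granted SET on it).

```sql
-- Added example; app_user, provisioning_admin and the password are
-- constructed placeholders, not values from the thread.

-- Transaction level: SET LOCAL lasts only until COMMIT or ROLLBACK,
-- so utility tracking returns to its previous value afterwards.
BEGIN;
SET LOCAL pg_stat_statements.track_utility = off;
ALTER ROLE app_user PASSWORD 'constructed-example-password';
COMMIT;

-- User level: every new session of the role that provisions accounts
-- starts with utility tracking off.
ALTER ROLE provisioning_admin SET pg_stat_statements.track_utility = off;

-- Check: list any recorded statement that sets a role password.
-- Rows returned here were captured earlier or by a session that did
-- not turn tracking off.
SELECT userid::regrole AS role_name, query
FROM pg_stat_statements
WHERE query ~* '\m(create|alter)\s+(role|user)\M.*\mpassword\M';
```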


