Thanks for sharing the details. It looks like a valid issue and has not been resolved yet. Currently, the solution is to keep the file secure, but when it comes to SIEM monitoring, it will be a major concern. Any thoughts on this?
On Tue, 18 Feb 2025 at 22:51, PG Bug reporting form <noreply@postgresql.org> wrote:
> During the integration of PostgreSQL Database v15 logs into a SIEM
> solution, I observed that user passwords are logged in plaintext when a user
> is created using the database command. This poses a serious security risk as
> credentials could be exposed to unauthorized users who have access to the
> logs.
> Steps to Reproduce:
> CREATE USER indrajeet WITH PASSWORD 'indrajeet'
There's some relevant discussion about this in [1], in particular, see [2].
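
A redaction pass that could sit between the PostgreSQL log file and the SIEM forwarder, as an added example that is not part of the original thread or of PostgreSQL. The `redact` function, its regular expression and the sample log lines are constructed here, and it assumes the statement text reaches the log as a single record, as in the report above.

```python
import re

# PASSWORD clause of CREATE/ALTER USER|ROLE as it appears in statement logs.
# Hypothetical pattern written for this example, not taken from PostgreSQL.
_PASSWORD_CLAUSE = re.compile(
    r"""(?P<head>\b(?:CREATE|ALTER)\s+(?:USER|ROLE)\b.*?\bPASSWORD\s+)
        (?P<secret>
            [eE]'(?:[^'\\]|\\.|'')*'            # E'...' with backslash escapes
          | '(?:[^']|'')*'                      # '...' where '' is a literal quote
          | \$(?P<tag>\w*)\$.*?\$(?P=tag)\$     # $tag$...$tag$ dollar quoting
          | [eE]?['$].*                         # unterminated: redact to the end
        )""",
    re.IGNORECASE | re.DOTALL | re.VERBOSE,
)


def redact(record: str) -> str:
    """Replace the password literal in a log record, keeping the rest intact.

    PASSWORD NULL is left alone because it carries no secret. Hashed
    verifiers are replaced as well, since they should not reach the SIEM either.
    """
    return _PASSWORD_CLAUSE.sub(
        lambda m: m.group("head") + "'<redacted>'", record
    )


# Constructed sample records; the prefix depends on log_line_prefix.
SAMPLE = [
    "2025-02-18 22:40:01.123 UTC [4242] LOG:  statement: "
    "CREATE USER indrajeet WITH PASSWORD 'indrajeet'",
    "2025-02-18 22:41:10.007 UTC [4242] LOG:  statement: "
    "ALTER ROLE app PASSWORD 'it''s' VALID UNTIL '2026-01-01';",
    "2025-02-18 22:42:00.500 UTC [4243] LOG:  connection authorized: "
    "user=indrajeet database=postgres",
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(redact(rec))
```

The role name and the rest of the statement stay in the record, so SIEM rules that alert on role creation or password changes keep working.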