Bug reference: 16449 Logged by: yi Ding Email address: abcxiaod@126.com PostgreSQL version: 10.12 Operating system: linux Description:
1、The log_statement is set to ALL 2、Execute statement:alter user t password 'adsf123asg'; 3、Log file shows clear text password.
Yes, if you intentionally send the query in clear text, it will be logged in clear text.
Just like with your report about creating user, it is clearly documented in the ALTER ROLE documentation that if you don't want this, you should use \password or a similar functionality, and not the cleartext ALTER USER.