Re: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password. - Mailing list pgsql-bugs

From Magnus Hagander
Subject Re: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.
Date
Msg-id CABUevEx6UKWkTftLbKROdwfc9iL-Z8gqcRQomwv_Uq4h9jEQ_Q@mail.gmail.com
In response to BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.  (Oleksandr Shulgin <oleksandr.shulgin@zalando.de>)
List pgsql-bugs


On Mon, May 18, 2020 at 11:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:
> The following bug has been logged on the website:
>
> Bug reference:      16449
> Logged by:          yi Ding
> Email address:      abcxiaod@126.com
> PostgreSQL version: 10.12
> Operating system:   linux
> Description:
>
> 1、The log_statement is set to ALL
> 2、Execute statement:alter user t password 'adsf123asg';
> 3、Log file shows clear text password.

Yes, if you intentionally send the query in clear text, it will be logged in clear text.

Just like with your report about creating user, it is clearly documented in the ALTER ROLE documentation that if you don't want this, you should use \password or a similar functionality, and not the cleartext ALTER USER.

--
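An added example, not part of the original message or of PostgreSQL's own code: what "\password or a similar functionality" amounts to is hashing the password on the client, so the statement that reaches the server (and its log) carries only a verifier. The sketch builds a SCRAM-SHA-256 verifier and flags log lines whose password literal is not pre-hashed; it assumes an ASCII password (SASLprep is skipped), and the function names and sample log lines are constructed for illustration.

```python
import base64, hashlib, hmac, os, re

def scram_verifier(password, salt=None, iterations=4096):
    """Build a SCRAM-SHA-256 verifier string in the form PostgreSQL stores."""
    # Assumption: ASCII password, so SASLprep normalization is skipped here.
    salt = os.urandom(16) if salt is None else salt
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def alter_role_sql(role, password, salt=None):
    """ALTER ROLE statement that carries the verifier instead of the password."""
    ident = '"' + role.replace('"', '""') + '"'   # quote the role identifier
    return f"ALTER ROLE {ident} PASSWORD '{scram_verifier(password, salt)}'"

# A password literal inside an ALTER/CREATE USER/ROLE statement.
PASSWORD_LITERAL = re.compile(
    r"\b(?:ALTER|CREATE)\s+(?:USER|ROLE)\b.*?\bPASSWORD\s+'((?:[^']|'')*)'",
    re.I | re.S)
# Literals the server stores as-is: an md5 hash or a SCRAM verifier.
HASHED = re.compile(
    r"(?:md5[0-9a-f]{32}"
    r"|SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+)\Z")

def cleartext_password_lines(log_lines):
    """Return the log lines whose password literal was sent unhashed."""
    hits = []
    for line in log_lines:
        m = PASSWORD_LITERAL.search(line)
        if m and not HASHED.match(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample log lines (log_statement = 'all'); the first one
# repeats the statement from the bug report, the second is the hashed form.
SAMPLE_LOG = [
    "LOG:  statement: alter user t password 'adsf123asg';",
    "LOG:  statement: " + alter_role_sql("t", "adsf123asg") + ";",
    "LOG:  statement: select 1;",
]

if __name__ == "__main__":
    for line in cleartext_password_lines(SAMPLE_LOG):
        print("cleartext password in log:", line)
```

Only the first sample line is reported; the verifier in the second line is still logged, so log files remain sensitive, but the password itself never appears in them.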
