Home > mailing lists

Re: BUG #16447: The query field of the pg_stat_activity tabledisplays the clear text of the password. - Mailing list pgsql-bugs

From	Magnus Hagander
Subject	Re: BUG #16447: The query field of the pg_stat_activity tabledisplays the clear text of the password.
Date	May 18, 2020 12:43:52
Msg-id	CABUevEz3rSA8OvNfO1uy1OxXJ+fm4brfBFqaWu4bJcr8W8CxNg@mail.gmail.com Whole thread Raw
In response to	BUG #16447: The query field of the pg_stat_activity table displays the clear text of the password. (PG Bug reporting form <noreply@postgresql.org>)
List	pgsql-bugs

Tree view

On Mon, May 18, 2020 at 11:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:

The following bug has been logged on the website:

Bug reference: 16447
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 10.12
Operating system: linux
Description:

When the administrator create a user and set the password, we can see the
password in the pg_stat_activity table.

Not when the administrator uses the suggested method for setting passwords. You can use \passwd in psql or use the createuser command to avoid that. This is clearly documented on the CREATE ROLE documentation page in the Notes section (https://www.postgresql.org/docs/12/sql-createrole.html)

Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/

pgsql-bugs by date:

From: PG Bug reporting form
Date: 18 May 2020, 12:17:36
Subject: BUG #16451: .psql_history file shows clear text password.

From: Magnus Hagander
Date: 18 May 2020, 12:45:13
Subject: Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.

Re: BUG #16447: The query field of the pg_stat_activity tabledisplays the clear text of the password. - Mailing list pgsql-bugs

Previous

Next