Re: [ADMIN] Passwords in clear text in server log - Mailing list pgsql-admin

From Don Seiler
Subject Re: [ADMIN] Passwords in clear text in server log
Date
Msg-id CAHJZqBBrUd68_Tj_NrPMRh4veF4oZU_T+8Aq2TCKQ=56aWeU7w@mail.gmail.com
In response to Re: [ADMIN] Passwords in clear text in server log  (Scott Marlowe <scott.marlowe@gmail.com>)
List pgsql-admin
On Wed, Oct 11, 2017 at 10:33 AM, Scott Marlowe <scott.marlowe@gmail.com> wrote:
> FYI our standard hack here is to run
>
> set log_statement='none';
> alter user ...


I've seen that suggested in some forums as well. Then you aren't logging the fact that the password was changed at all. I think you'd still want to know of the fact that it occurred, but my suggestion is that we shouldn't be logging the value.

--
Don Seiler
www.seiler.us
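
An added example, not part of the original message or of PostgreSQL's own code: one way to keep the password-change event in the log without the clear-text value is to derive the SCRAM-SHA-256 verifier on the client and send only that in the `ALTER ROLE` statement. It assumes PostgreSQL 10 or later (which stores an already-encoded verifier as-is) and an ASCII password (no SASLprep normalization); the function names, role name and sample password are hypothetical.

```python
import base64
import hashlib
import hmac
import os


def scram_verifier(password: str, salt: bytes = None, iterations: int = 4096) -> str:
    """Build a SCRAM-SHA-256 verifier using the RFC 5802 key derivation.

    Assumption: ASCII password; SASLprep normalization is not applied here.
    """
    salt = salt if salt is not None else os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()

    def b64(raw: bytes) -> str:
        return base64.b64encode(raw).decode("ascii")

    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def alter_role_statement(role: str, password: str, salt: bytes = None) -> str:
    """Return an ALTER ROLE statement that carries the verifier, not the password."""
    if '"' in role or "\x00" in role:
        raise ValueError("unsupported character in role name")
    verifier = scram_verifier(password, salt)
    # The verifier is base64 plus '$' and ':' only, so it contains no single quote.
    return f"ALTER ROLE \"{role}\" PASSWORD '{verifier}';"


def verifier_matches(verifier: str, password: str) -> bool:
    """Re-derive the keys from a candidate password and compare in constant time."""
    scheme, params, _keys = verifier.split("$")
    iterations, salt_b64 = params.split(":")
    rebuilt = scram_verifier(password, base64.b64decode(salt_b64), int(iterations))
    return scheme == "SCRAM-SHA-256" and hmac.compare_digest(rebuilt, verifier)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(alter_role_statement("app_user", "s3cret-Example"))
```

With `log_statement` left enabled, the server log then shows that the role's password was changed and by which statement, but only the salted verifier appears. The verifier can still be attacked by offline guessing, so log access remains something to restrict.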
