Home > mailing lists

redacting password in SQL statement in server log - Mailing list pgsql-hackers

From	Zhihong Yu
Subject	redacting password in SQL statement in server log
Date	July 24, 2022 02:44:58
Msg-id	CALNJ-vRdBH3Kp08hzgy8P28bAZcQUQXBFPD-1dRfnvE3aQB3dA@mail.gmail.com Whole thread Raw
Responses	Re: redacting password in SQL statement in server log
List	pgsql-hackers

Tree view

Hi,

Currently, in situation such as duplicate role creation, the server log would show something such as the following:

2022-07-22 13:48:18.251 UTC [330] STATEMENT: CREATE ROLE test WITH LOGIN PASSWORD 'foobar';

The password itself should be redacted before logging the statement.

Here is sample output with the patch applied:

2022-07-23 23:28:20.359 UTC [16850] ERROR: role "test" already exists
2022-07-23 23:28:20.359 UTC [16850] STATEMENT: CREATE ROLE test WITH LOGIN PASSWORD

Please take a look at the short patch.

I know variables should be declared at the start of the func - I can do that once the approach is confirmed.

Cheers

Attachment

redact-password-in-log.patch

pgsql-hackers by date:

From: Thomas Munro
Date: 24 July 2022, 02:24:26
Subject: Re: Cleaning up historical portability baggage

From: Tom Lane
Date: 24 July 2022, 03:23:06
Subject: Re: Cleaning up historical portability baggage

redacting password in SQL statement in server log - Mailing list pgsql-hackers

Attachment

Previous

Next