Thread: BUG #16447: The query field of the pg_stat_activity table displays the clear text of the password.

BUG #16447: The query field of the pg_stat_activity table displays the clear text of the password.

From

PG Bug reporting form

Date:

18 May 2020, 12:11:57

The following bug has been logged on the website:

Bug reference:      16447
Logged by:          yi Ding
Email address:      abcxiaod@126.com
PostgreSQL version: 10.12
Operating system:   linux
Description:

When the administrator create a user and set the password,  we can see the
password in the pg_stat_activity table.

Re: BUG #16447: The query field of the pg_stat_activity tabledisplays the clear text of the password.

From

Magnus Hagander

Date:

18 May 2020, 12:43:52

On Mon, May 18, 2020 at 11:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:

The following bug has been logged on the website:

Bug reference: 16447
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 10.12
Operating system: linux
Description:

When the administrator create a user and set the password, we can see the
password in the pg_stat_activity table.

Not when the administrator uses the suggested method for setting passwords. You can use \passwd in psql or use the createuser command to avoid that. This is clearly documented on the CREATE ROLE documentation page in the Notes section (https://www.postgresql.org/docs/12/sql-createrole.html)

Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/