Thread: password saved in .psql_history

password saved in .psql_history

From
"hans.wolters"
Date:

Dear all,
I noticed the password of a user is stored in the history of the psql user (postgres in my case). This happens when
alter user <user> with password '<password>' is used.
I suppose it is not a real bug but it might be handy to filter that for things like a history listing.
Best regards,
Hans Wolters

Sent with ProtonMail Secure Email.

Re: password saved in .psql_history

From
Alvaro Herrera
Date:
On 2020-Aug-25, hans.wolters wrote:

> Dear all,
> I noticed the password of a user is stored in the history of the psql user (postgres in my case). This happens when
> alter user <user> with password '<password>' is used.
> I suppose it is not a real bug but it might be handy to filter that for things like a history listing.

This is why you should use \password in psql instead of 'alter user ..
password'.  (Well, that and the server log and risk of unencrypted
password traffic.)

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
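
An added example, not part of the thread or of psql itself: a small audit helper for the filtering idea raised in the first message, which finds `ALTER`/`CREATE USER`/`ROLE ... PASSWORD '<literal>'` statements in `.psql_history` text and redacts cleartext literals. The function names and the sample history are constructed for illustration; handling of `\040` as a space assumes a libedit-built psql, and literals that are already md5 or SCRAM verifiers are left in place.

```python
import re

# A space in a history line: literal whitespace, or "\040" (assumed libedit encoding).
_SP = r"(?:\s|\\040)"

# ALTER/CREATE USER/ROLE ... PASSWORD '<literal>'; the literal may contain '' escapes.
_PW = re.compile(
    r"(?P<head>(?<![A-Za-z_])(?:ALTER|CREATE)" + _SP + r"+(?:USER|ROLE)" + _SP + r"+.*?"
    + _SP + r"PASSWORD" + _SP + r"+)(?P<lit>'(?:[^']|'')*')",
    re.IGNORECASE,
)

# Literals that are already password verifiers rather than cleartext.
_HASHED = re.compile(r"'(?:SCRAM-SHA-256\$|md5[0-9a-f]{32}')")


def scrub_line(line):
    """Return (redacted_line, number_of_cleartext_passwords_found)."""
    found = 0

    def repl(match):
        nonlocal found
        if _HASHED.match(match.group("lit")):
            return match.group(0)          # a verifier, not a cleartext password
        found += 1
        return match.group("head") + "'<redacted>'"

    return _PW.sub(repl, line), found


def scrub_history(text):
    """Redact a whole history file; return (new_text, 1-based line numbers hit)."""
    out, hits = [], []
    for number, line in enumerate(text.split("\n"), 1):
        redacted, found = scrub_line(line)
        out.append(redacted)
        if found:
            hits.append(number)
    return "\n".join(out), hits


# Constructed sample history, not taken from any real system.
SAMPLE = (
    "select 1;\n"
    "alter user app with password 'S3cr3t''x';\n"
    "ALTER\\040ROLE\\040app\\040PASSWORD\\040'hunter2';\n"
    "alter user app password 'SCRAM-SHA-256$4096:c2FsdA==$a2V5:a2V5';\n"
)

if __name__ == "__main__":
    cleaned, lines_hit = scrub_history(SAMPLE)
    print("cleartext passwords on lines:", lines_hit)
    print(cleaned, end="")
```

This only addresses the history file; the server log and network exposure mentioned in the reply are unaffected, and any password found this way should be rotated rather than just redacted.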