| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Keith Pinnix <kpinnix(at)yahoo(dot)com> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: postgresql 8.3 logging user passwords in clear text |
| Date: | 2010-08-24 17:04:07 |
| Message-ID: | 1282669372-sup-226@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Excerpts from Keith Pinnix's message of lun ago 23 19:47:53 -0400 2010:
> All:
>
> I have a postgresql instance and I have noticed that it is logging the user
> passwords in clear text in the postgresql.log. Is this configurable so that it
> retains the user info and commands but does not log the password?
In what context? If you're doing ALTER ROLE / PASSWORD with the
password in clear text, then that's obviously going to show up in the
log. The solution is to encrypt them client-side; for example use
\password in psql to change passwords, which does that automatically.
--
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-08-24 17:19:37 | Re: Unable to drop role |
| Previous Message | Alvaro Herrera | 2010-08-24 16:53:45 | Re: Unable to drop role |