pg_stat_statements: password in command is not obfuscated

From: legrand legrand <legrand_legrand(at)hotmail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: pg_stat_statements: password in command is not obfuscated
Date: 2018-03-23 21:30:48
Message-ID: 1521840648120-0.post@n3.nabble.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hello,

It seems that passwords used in commands are not removed when caught by
pg_stat_statements
(they are not "normalized" being utility statements)

exemple:
alter role tt with password '123';

select query from public.pg_stat_statements
where query like '%password%';

query
----------------------------------------
alter role tt with password '123';

Do you think its a bug ?

Regards
PAscal

--
Sent from: http://www.postgresql-archive.org/PostgreSQL-general-f1843780.html

Responses

Browse pgsql-general by date

  From Date Subject
Next Message MOISES ESPINOSA 2018-03-23 22:04:41 case and accent insensitive
Previous Message Albrecht Dreß 2018-03-23 20:58:37 Re: FDW Foreign Table Access: strange LOG message