BUG #17338: pgaudit ddl audit logging show clear text password when create user mapping

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: chaolpan(at)cisco(dot)com
Subject: BUG #17338: pgaudit ddl audit logging show clear text password when create user mapping
Date: 2021-12-16 06:12:11
Message-ID: 17338-36d29597b910398f@postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 17338
Logged by: James Pang
Email address: chaolpan(at)cisco(dot)com
PostgreSQL version: 13.4
Operating system: RHEL8.4
Description:

pgaudit.log_catalog='on'
pgaudit.log_level='log'
pgaudit.log_parameter=on
pgaudit.log_statement_once=off
pgaudit.log='all, -misc'
pgaudit.log='ddl,role'

when create user jamet password 'testfdwpass';
audit log looks fine ,
2021-12-16 06:09:54.728 UTC:[local]:postgres(at)jamet:[67011]:[3-1]:2021-12-16
06:09:35 UTC:psqlLOG: AUDIT: SESSION,1,1,ROLE,CREATE ROLE,,,create user
jamet password <REDACTED>,<none>

but when create user mapping for fdw , it show clear text password in
OPTIONS(user 'jamet', password '...')

CREATE USER MAPPING FOR jamet SERVER foreign_server OPTIONS (user 'jamet',
password 'testfdwpass');

AUDIT: SESSION,1,1,DDL,CREATE USER MAPPING,USER MAPPING,jamet on server
foreign_server,"CREATE USER MAPPING FOR jamet SERVER foreign_server OPTIONS
(user 'jamet', password 'testfdwpass');"

Browse pgsql-bugs by date

  From Date Subject
Next Message Nicolas M 2021-12-16 09:46:29 Re: Updatable view (where in) with check option doesn't validate data properly
Previous Message Tom Lane 2021-12-16 01:05:54 Re: Updatable view (where in) with check option doesn't validate data properly