Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Matthias Apitz <guru(at)unixarea(dot)de>
Cc: Indrajeeth Deshmukh <bkindrajeeth(at)gmail(dot)com>, David Rowley <dgrowleyml(at)gmail(dot)com>, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs
Date: 2025-02-19 06:30:18
Message-ID: 1951016.1739946618@sss.pgh.pa.us
Lists: pgsql-bugs

Matthias Apitz <guru(at)unixarea(dot)de> writes:
> What do I have to configure in the PostgreSQL server to get this
> reproduced? I tried:

[ scratches head... ] Seems like you must be looking in the wrong
log file. It works for me:

$ psql postgres
psql (18devel)
Type "help" for help.

postgres=# set log_statement = 'all';
SET
postgres=# CREATE USER bla WITH PASSWORD 'bla';
CREATE ROLE
postgres=# \q
$ tail .../postmaster.log
...
2025-02-19 01:19:18.638 EST [1949443] LOG: statement: CREATE USER bla WITH PASSWORD 'bla';

If you're not running with log_statement = all, the most likely
scenario is a syntax error:

$ psql postgres
psql (18devel)
Type "help" for help.

postgres=# CREATE USER bla WITH PASWORD 'bla';
ERROR: unrecognized role option "pasword"
LINE 1: CREATE USER bla WITH PASWORD 'bla';
^
postgres=# \q
$ tail .../postmaster.log
...
2025-02-19 01:25:39.227 EST [1950440] ERROR: unrecognized role option "pasword" at character 22
2025-02-19 01:25:39.227 EST [1950440] STATEMENT: CREATE USER bla WITH PASWORD 'bla';

Of course, this command didn't do anything; but a person reading the
log would have a pretty strong clue what password you were about to
assign. (And contrarily, Postgres itself would have no clue that
'bla' might be something that needs hiding.)

regards, tom lane
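An added example of the defensive side of what Tom describes (my code, not from the thread or the PostgreSQL project): a scanner for postmaster log lines that flags role statements carrying a password literal and redacts it. It deliberately treats every quoted literal in a CREATE/ALTER ROLE|USER statement as a secret, except the VALID UNTIL timestamp, so the misspelt-keyword case, where the text lands in the STATEMENT line of the error, is caught as well; the log lines are constructed samples modelled on the ones above.

```python
import re
from typing import List, NamedTuple

# Constructed sample modelled on the log lines in the mail (not real server output).
SAMPLE_LOG = """\
2025-02-19 01:19:18.638 EST [1949443] LOG:  statement: CREATE USER bla WITH PASSWORD 'bla';
2025-02-19 01:25:39.227 EST [1950440] ERROR:  unrecognized role option "pasword" at character 22
2025-02-19 01:25:39.227 EST [1950440] STATEMENT:  CREATE USER bla WITH PASWORD 'bla';
2025-02-19 01:30:02.001 EST [1950512] LOG:  statement: ALTER ROLE app PASSWORD 'SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy' VALID UNTIL '2026-01-01';
2025-02-19 01:31:00.000 EST [1950513] LOG:  statement: SELECT 'bla';
"""

# The SQL text sits after "LOG:  statement: " or, for failed commands, after "STATEMENT:  ".
LOG_LINE_RE = re.compile(r"^(?P<prefix>.*?\b(?:LOG:\s+statement:|STATEMENT:)\s+)(?P<sql>.*)$")
ROLE_STMT_RE = re.compile(r"^\s*(?:CREATE|ALTER)\s+(?:ROLE|USER|GROUP)\b", re.IGNORECASE)
# Every quoted literal in a role statement counts as a secret unless it is the
# VALID UNTIL timestamp: a misspelt keyword (PASWORD) still ends up in the STATEMENT line.
LITERAL_RE = re.compile(r"(?P<until>\bVALID\s+UNTIL\s+)?'(?P<lit>(?:[^']|'')*)'", re.IGNORECASE)

class Finding(NamedTuple):
    line_no: int
    kind: str      # "plaintext" or "hashed"
    redacted: str  # the log line with the secret literal(s) replaced

def classify(literal: str) -> str:
    # Verifiers computed client-side (psql's \password does this) are not the raw secret.
    return "hashed" if literal.startswith(("SCRAM-SHA-256$", "md5")) else "plaintext"

def scan_log(text: str) -> List[Finding]:
    """Return one Finding per log line whose SQL is a role statement carrying a literal."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_LINE_RE.match(line)
        if not m or not ROLE_STMT_RE.match(m.group("sql")):
            continue
        kinds, out, pos = [], [], 0
        for lit in LITERAL_RE.finditer(m.group("sql")):
            if lit.group("until"):
                continue                      # timestamps are not secrets
            kinds.append(classify(lit.group("lit")))
            out.append(m.group("sql")[pos:lit.start("lit")] + "<redacted>")
            pos = lit.end("lit")
        if not kinds:
            continue
        sql = "".join(out) + m.group("sql")[pos:]
        kind = "plaintext" if "plaintext" in kinds else "hashed"
        findings.append(Finding(n, kind, m.group("prefix") + sql))
    return findings
```

Running scan_log(SAMPLE_LOG) reports lines 1 and 3 as plaintext exposures and line 4 as a client-side hashed verifier, which is the shape a log-forwarding filter or a periodic audit job would want before the log leaves the host.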
