Re: Log of CREATE USER statement

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Ricardo Vaz - TCESP" <jrvaz(at)tce(dot)sp(dot)gov(dot)br>
Subject: Re: Log of CREATE USER statement
Date: 2005-12-09 17:34:09
Message-ID: 200512091834.10014.peter_e@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> > However, I would like that the password defined in CREATE USER
> > statement was registered in MD5 format, independent of the form as
> > it was specified in that statement.
>
> Not going to happen --- we are not going to add that sort of analysis
> to the statement logging code, as the overhead would be unacceptable
> and the gain minimal. This is hardly the only sensitive data that
> might be found in the postmaster log! I suggest taking care with the
> file permissions on the log, instead.

While I agree that the overhead in the logging code does not seem
attractive, it's still a problem that the password handling in
PostgreSQL continues to be relatively insecure. When we introduced MD5
passwords, one of the reasons was to prevent the administrator from
simply reading the users' passwords. Users who choose a password
should have the assurance that the password cannot be seen in
plain-text by anyone anywhere. In a PostgreSQL system, the password
can be seen in all kinds of places, like the psql history, the server
log, the activity displays, and who knows where else. I don't have a
good solution for this, but it should be addressed sometime.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2005-12-09 17:38:21 Re: Upcoming PG re-releases
Previous Message Tom Lane 2005-12-09 17:32:21 Re: Min Xid problem proposal