| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
| Cc: | Don Seiler <don(at)seiler(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Passwords in clear text in server log |
| Date: | 2017-10-11 15:47:49 |
| Message-ID: | 20171011154748.GM4628@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Scott, Don, all,
* Scott Marlowe (scott(dot)marlowe(at)gmail(dot)com) wrote:
> FYI our standard hack here is to run
>
> set log_statement='none';
> alter user ...
That's pretty terrible, frankly.
> I do agree it would be nice to have postgres stamp out the password
> field with *** when logging though
The right approach is to use SCRAM and the exported libpq functions for
generating a proper verifier that is then passed to ALTER USER, just
like \password does in psql.
Of course, SCRAM is only in v10. The old md5 method has other issues
beyond this. Better than all of the above is to use either Kerberos or
client-side certificates.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Don Seiler | 2017-10-11 16:11:03 | Re: Passwords in clear text in server log |
| Previous Message | Don Seiler | 2017-10-11 15:37:59 | Re: Passwords in clear text in server log |