Quick Links

Re: Passwords in clear text in server log

From:	Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To:	Don Seiler <don(at)seiler(dot)us>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject:	Re: Passwords in clear text in server log
Date:	2017-10-11 19:43:23
Message-ID:	20171011194323.s2alxtl3krdvj7hj@alvherre.pgsql
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

Don Seiler wrote:

> If you're going to log statements that fail to parse, then yes it will make
> it harder to close these loopholes. That's also new to me, coming from a
> different RDBMS world. It logs neither bad (failed to parse) SQL nor user
> passwords.

Actually, I do wonder why we log statements that fail to parse. Surely
the client ought to know that it failed, but what is the value of
additionally storing the query in the server log?

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to

Re: Passwords in clear text in server log at 2017-10-11 16:11:03 from Don Seiler

Responses

Re: Passwords in clear text in server log at 2017-10-11 19:46:44 from Ervin Weber

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Ervin Weber	2017-10-11 19:46:44	Re: Passwords in clear text in server log
Previous Message	Don Seiler	2017-10-11 16:25:49	Re: Passwords in clear text in server log