From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | David Rowley <david(dot)rowley(at)2ndquadrant(dot)com> |
Cc: | legrand legrand <legrand_legrand(at)hotmail(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: pg_stat_statements: password in command is not obfuscated |
Date: | 2018-03-25 09:15:10 |
Message-ID: | 20180325091510.GA3707@paquier.xyz |
Lists: | pgsql-general |

On Sat, Mar 24, 2018 at 12:17:30PM +1300, David Rowley wrote:
> If it is, then it's not a bug in pg_stat_statements. log_statement =
> 'ddl' would have kept a record of the same thing.
>
> Perhaps the best fix would be a documentation improvement to mention
> the fact and that it's best not to use plain text passwords in
> CREATE/ALTER ROLE. Passwords can be md5 encrypted.

Yeah, this is bad practice. That's one of the reasons why storage of
plain text passwords has been removed in Postgres 10; still, they can be
passed via command, and also why PQencryptPasswordConn and
PQencryptPassword are useful. Using psql's \password is a good habit to
have.
--
Michael
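
An added example, not part of the original message or of PostgreSQL's code: it computes the md5 verifier client-side (`md5` followed by the hex MD5 of password concatenated with role name, the format PQencryptPassword produces) so the statement sent to the server carries no plain text, and it flags recorded statements that still do. The function names, the role `app` and the sample statements are constructed for illustration.

```python
import hashlib
import re


def pg_md5_verifier(user: str, password: str) -> str:
    """Return 'md5' + hex(md5(password || user)), PostgreSQL's md5 verifier."""
    digest = hashlib.md5((password + user).encode("utf-8")).hexdigest()
    return "md5" + digest


def alter_role_sql(user: str, password: str) -> str:
    """Build ALTER ROLE text that carries only the verifier, never the password."""
    ident = '"' + user.replace('"', '""') + '"'  # quote the role identifier
    return f"ALTER ROLE {ident} PASSWORD '{pg_md5_verifier(user, password)}'"


# CREATE/ALTER ROLE|USER ... PASSWORD '<literal>' ('' is an escaped quote).
_PASSWORD_STMT = re.compile(
    r"\b(?:CREATE|ALTER)\s+(?:ROLE|USER)\b.*?\bPASSWORD\s+'((?:[^']|'')*)'",
    re.IGNORECASE | re.DOTALL,
)
# Literals the server treats as already hashed: md5 or SCRAM-SHA-256 verifiers.
_VERIFIER = re.compile(r"md5[0-9a-f]{32}|SCRAM-SHA-256\$.+")


def exposes_plaintext(statement: str) -> bool:
    """True if the statement sets a password with a non-verifier literal."""
    m = _PASSWORD_STMT.search(statement)
    return bool(m) and not _VERIFIER.fullmatch(m.group(1))


def audit(statements):
    """Return the statements that recorded a plain text password."""
    return [s for s in statements if exposes_plaintext(s)]


# Constructed sample of query texts as they could appear in
# pg_stat_statements or in the server log with log_statement = 'ddl'.
SAMPLE_STATEMENTS = [
    "CREATE ROLE app LOGIN PASSWORD 'hunter2'",
    alter_role_sql("app", "hunter2"),
    "ALTER USER app PASSWORD NULL",
    "SELECT * FROM t WHERE a = $1",
]

if __name__ == "__main__":
    for stmt in audit(SAMPLE_STATEMENTS):
        # Print only the part before the literal so the report does not leak it.
        print("plain text password recorded:", stmt.split("PASSWORD")[0] + "PASSWORD '***'")
```
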