<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 1/3/24 7:53 AM, Robert Haas wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+TgmoZ=V9t+07LHAhJVU0-F-g+Gmu4eeYi+gFPTf2RuOrMxpQ(at)mail(dot)gmail(dot)com">
<pre>Also, +1 for the general idea. I don't think this is a whole answer to
the problem of passwords appearing in log files because (1) you have
to be using libpq in order to make use of this and (2) you have to
actually use it instead of just doing something else and complaining
about the problem. But neither of those things is a reason not to have
it. There's no reason why a sophisticated user who goes through libpq
shouldn't have an easy way to do this instead of being asked to
reimplement it if they want the functionality.</pre>
</blockquote>
<p>ISTM the only way to really move the needle (short of removing
all SQL support for changing passwords) would be a GUC that allows
disabling the use of SQL for setting passwords. While that doesn't
prevent leakage, it does at least force users to use a secure
method of setting passwords.<br>
</p>
<pre class="moz-signature" cols="72">--
Jim Nasby, Data Architect, Austin TX</pre>
</body>
</html>