Re: PATCH: warn about, and deprecate, clear text passwords

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
Cc: Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-17 13:19:27
Message-ID: CA+TgmoZe1Yguej5PTo7QL11uHy3pFyk_zeL4SLPuvKq9JMn2MQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sun, Mar 16, 2025 at 11:36 PM David G. Johnston
<david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> It could also be:
>
> warning: your password is known to Big Brother
> hint: use psql \password to supply a private password, or see “docs/wiki page” for more details and a way to pre-compute and send a private password via SQL.

OK, that's actually a fair point. It's still true, though, that all
the complaints that I hear about this are of the form "someone MIGHT
do something that puts their password in a log file" and a warning
doesn't stop that.

Granted, other people may hear different complaints than I do.

--
Robert Haas
EDB: http://www.enterprisedb.com

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tomas Vondra 2025-03-17 13:27:11 Re: Snapshot related assert failure on skink
Previous Message Andrei Lepikhov 2025-03-17 13:10:23 Re: making EXPLAIN extensible