| From: | Dmitry Igrishin <dmitigr(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SET SESSION AUTHORIZATION superuser limitation. |
| Date: | 2015-12-21 16:16:41 |
| Message-ID: | CAAfz9KP1_7yTH9Ojeu0hfE2BqYZ7QtY2bnvfjt1Gc3ctUaqroQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2015-12-21 17:57 GMT+03:00 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> > On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >> The syntax you propose exposes the user's password in cleartext in
> >> the command, where it is likely to get captured in logs for example.
> >> That's not going to do.
>
> > Of course, right now, the ALTER USER ... PASSWORD command has that
> > problem which is, uh, bad.
>
> Which is why we invented the ENCRYPTED PASSWORD syntax, as well as
> psql's \password command ... but using that approach for actual
> login to an account would be a security fail as well.
>
The connection should be secured somehow (SSL/SSH...) to prevent password
thefts. On the other hand, the logging system should not log details of
commands
like ALTER USER ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-12-21 16:41:43 | Re: Additional role attributes && superuser review |
| Previous Message | Viktor Leis | 2015-12-21 15:57:14 | Re: Experimental evaluation of PostgreSQL's query optimizer |