Re: Add a warning message when using unencrypted passwords

From: Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Add a warning message when using unencrypted passwords
Date: 2024-12-09 14:58:20
Message-ID: CAECtzeWRBCb3iC3Okk7jt7h44XTtYaifSFcADM4CLqOBOMusWg@mail.gmail.com
Lists: pgsql-hackers

Hi,

On Mon, 9 Dec 2024 at 14:40, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:

> > On 9 Dec 2024, at 14:26, Greg Sabino Mullane <htamfids(at)gmail(dot)com> wrote:
> >
> > -1 to throwing an ERROR - that's not really an error, and not our call
> > to make, so a WARNING is sufficient.
>
> Agreed, regardless of how bad it's considered, it's not an error. There are
> many ways sensitive data can end up in the logs and offering the impression
> there is a safety switch offers a false sense of security.

I'm fine with adding a test on whether or not we log statements. But that
completely hides the fact that people listening on the network could also
get to the password if the server doesn't use SSL. Isn't it weird to warn
about one potential leak and not the other one?

--
Guillaume.
