Re: Changing Passwords as Encrypted not Clear-Text

From: Alban Hertroys <haramrae(at)gmail(dot)com>
To: MURAT KOÇ <m(dot)koc21(at)gmail(dot)com>
Cc: Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Changing Passwords as Encrypted not Clear-Text
Date: 2011-12-19 16:05:31
Message-ID: CAF-3MvPB3oBzSSHU6rm7yx-SV9qow7JK3baw9UqMqkYqNCo3Og@mail.gmail.com
Lists: pgsql-general

> Of course, we could create login credentials, login configuration options
> for every DBA colleagues. But, as I said previous that big problem is
> "PostgreSQL logs include changing passwords on clear-text not encrypted"

No, the big problem is that you don't consider your fellow DBAs
reliable. That's a problem you need to solve rather sooner than later.

Another problem is that you are apparently logging all SQL statements.
Not only does that store the SQL for changing database users, it will
also slow down your database. You should really only log all
statements if you're debugging something, and only temporarily.

Of course it would be nice if those passwords would be encrypted, but
they are simply part of SQL statements - there is no means in SQL to
distinguish a password string literal from any other type of literal,
until the statement hits the database.

--
If you can't see the forest for the trees,
Cut the trees and you'll see there is no forest.
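Added example (not part of the original post, and not PostgreSQL's own code): the reply above is right that the server cannot tell a password literal from any other string literal, so with `log_statement = 'all'` the plaintext lands in the log. The usual mitigation is to hash the password on the client before it is sent, which is what psql's `\password` does, so the statement the server logs only contains the hash. The code below reproduces the md5 scheme current at the time of this thread (`'md5' + md5(password || username)`; newer servers default to SCRAM-SHA-256, which this does not implement), and adds a small defender-side check that scans log lines for `ALTER/CREATE ROLE/USER ... PASSWORD` statements whose literal is not already a hash. The log lines are constructed here for illustration; the role names and passwords are made up.

```python
import hashlib
import re

def md5_password_hash(username: str, password: str) -> str:
    """PostgreSQL md5 password scheme: 'md5' + hex(md5(password || username)).
    The username acts as the salt, so the same password gives a different
    hash per role."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest

def quote_literal(value: str) -> str:
    """SQL string literal: single quotes doubled."""
    return "'" + value.replace("'", "''") + "'"

def quote_ident(name: str) -> str:
    """SQL identifier: double quotes doubled."""
    return '"' + name.replace('"', '""') + '"'

def alter_role_prehashed(username: str, password: str) -> str:
    """Build the statement a client should send so the server only ever
    sees (and logs) the hash, never the cleartext password."""
    hashed = md5_password_hash(username, password)
    return f"ALTER ROLE {quote_ident(username)} PASSWORD {quote_literal(hashed)};"

# Matches role/user creation or alteration that sets a password literal.
PASSWORD_STMT = re.compile(
    r"\b(?:ALTER|CREATE)\s+(?:ROLE|USER)\s+(\S+).*?\bPASSWORD\s+'((?:[^']|'')*)'",
    re.IGNORECASE | re.DOTALL,
)
# An md5-scheme hash as PostgreSQL stores it: 'md5' followed by 32 hex digits.
MD5_HASH = re.compile(r"^md5[0-9a-f]{32}$")

def find_cleartext_password_statements(log_lines):
    """Return (line_number, role) for every logged password-setting statement
    whose literal is not already a hash, i.e. the cleartext is in the log."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = PASSWORD_STMT.search(line)
        if not match:
            continue
        role, literal = match.group(1).strip('"'), match.group(2)
        if MD5_HASH.match(literal):
            continue  # pre-hashed on the client; nothing sensitive logged
        findings.append((number, role))
    return findings

# Constructed sample log lines (hypothetical roles and passwords), in the
# shape log_statement = 'all' produces.
SAMPLE_LOG = [
    "2011-12-19 16:05:31 UTC LOG:  statement: ALTER ROLE alice PASSWORD 'hunter2';",
    "2011-12-19 16:05:40 UTC LOG:  statement: "
    + alter_role_prehashed("bob", "correct horse"),
    "2011-12-19 16:05:45 UTC LOG:  statement: SELECT count(*) FROM orders;",
    "2011-12-19 16:05:50 UTC LOG:  statement: CREATE USER carol WITH PASSWORD 'p@ss''word';",
]

if __name__ == "__main__":
    print(alter_role_prehashed("alice", "hunter2"))
    for number, role in find_cleartext_password_statements(SAMPLE_LOG):
        print(f"line {number}: cleartext password for role {role!r} is in the log")
```

Running it shows that `alice` and `carol` had their passwords logged in cleartext, while `bob`'s statement only carries the hash. Sending the pre-hashed form does not remove the need to restrict who can read the server log, and it does nothing for other statements; the point is only that a password change need not put the secret itself on disk.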
