| From: | Matheus Alcantara <matheusssilv97(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Redact user password on pg_stat_statements |
| Date: | 2025-02-21 15:33:15 |
| Message-ID: | CAFY6G8eo3c0LyzmRA+wmpCnex-LOxsXpv_DK7WQ2pujmEH1nPg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi hackers!
Attached a patch to redact the password value from pg_stat_statements_view when
executing:
{ CREATE|ALTER} {USER|ROLE|GROUP } identifier { [WITH] [ENCRYPTED]
PASSWORD 'value' }
To redact the password from the pg_stat_statements view a new field location
was added on String type which represents the password value. The location is
stored on JumbleState when JumbleQuery is called. The JumbleState is then used
on generate_normalized_query from pg_stat_statements.c to replace any location
stored with $%d.
The grammar was also changed to set the location field of the String type only
on these specific commands.
Thoughts?
--
Matheus Alcantara
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Redact-user-password-on-pg_stat_statements.patch | application/octet-stream | 2.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2025-02-21 15:48:28 | Re: Redact user password on pg_stat_statements |
| Previous Message | Peter Eisentraut | 2025-02-21 15:21:33 | Re: SQL:2011 application time |