Re: Passwords in clear text in server log

From: Don Seiler <don(at)seiler(dot)us>
To: Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Passwords in clear text in server log
Date: 2017-10-11 15:37:59
Message-ID: CAHJZqBBrUd68_Tj_NrPMRh4veF4oZU_T+8Aq2TCKQ=56aWeU7w@mail.gmail.com
Lists: pgsql-admin

On Wed, Oct 11, 2017 at 10:33 AM, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
wrote:

> FYI our standard hack here is to run
>
> set log_statement='none';
> alter user ...
>
>
I've seen that suggested in some forums as well. Then you aren't logging
the fact that the password was changed at all. I think you'd still want to
know of the fact that it occurred, but my suggestion is that we shouldn't
be logging the value.

--
Don Seiler
www.seiler.us
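
Added example (not part of Don Seiler's message and not PostgreSQL code): one way to get the outcome described above, where the log still shows that a password was changed but not its value, is to mask the literal after PASSWORD before log lines are forwarded or archived. The log line layout, timestamps and role names are constructed samples, and the function name redact_passwords is hypothetical.

```python
import re

# Literal that follows PASSWORD in CREATE/ALTER ROLE|USER. Three forms:
# E'...' (backslash escapes), '...' ('' is an escaped quote), $tag$...$tag$.
_PASSWORD_LITERAL = re.compile(
    r"""(?P<kw>\bPASSWORD\s+)
        (?: E'(?:[^'\\]|\\.|'')*'
          | '(?:[^']|'')*'
          | \$(?P<tag>[A-Za-z_]\w*|)\$.*?\$(?P=tag)\$
        )""",
    re.IGNORECASE | re.DOTALL | re.VERBOSE,
)


def redact_passwords(text):
    """Return (text with password literals masked, number of literals masked).

    The statement itself is kept, so the password change stays auditable.
    """
    return _PASSWORD_LITERAL.subn(lambda m: m.group("kw") + "'<redacted>'", text)


# Constructed sample log lines (format, timestamps and role names are made up).
SAMPLE_LOG = """\
2017-10-11 10:33:01 CDT [4711] LOG:  statement: ALTER USER alice WITH PASSWORD 'hunter2';
2017-10-11 10:33:05 CDT [4711] LOG:  statement: create role bob login encrypted password 'it''s secret';
2017-10-11 10:33:09 CDT [4711] LOG:  statement: ALTER ROLE carol PASSWORD E'back\\'slash';
2017-10-11 10:33:12 CDT [4711] LOG:  statement: ALTER ROLE dave PASSWORD $pw$dollar'quoted$pw$;
2017-10-11 10:33:15 CDT [4711] LOG:  statement: ALTER ROLE erin PASSWORD NULL;
2017-10-11 10:33:20 CDT [4711] LOG:  statement: SELECT 1;
"""

if __name__ == "__main__":
    redacted, count = redact_passwords(SAMPLE_LOG)
    print(redacted, end="")
    print(f"# {count} password literal(s) redacted")
```

This masks only what passes through the filter; the server's own log file still contains the original statement.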
