Re: Passwords in clear text in server log

From: "Williams, Alex" <awilliams(at)teamdrg(dot)com>
To: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Passwords in clear text in server log
Date: 2017-10-12 17:46:05
Message-ID: CO2PR0501MB8694C2C39A5C9254B9A119CB04B0@CO2PR0501MB869.namprd05.prod.outlook.com
Lists: pgsql-admin

Hello,

Why was my message flagged via fraud detection? What do I need to do to prevent that so I can reply?

We have several email aliases at my work location: awilliams(at)teamdrg(dot)com, awilliams(at)dresources(dot)com and awilliams(at)dresourcesgroup(dot)com. I believe my Outlook client was reconfigured recently to use @teamdrg.com. I have posted here before, but I think that was using @dresources.com.

Thanks,

Alex

From: pgsql-admin-owner(at)postgresql(dot)org [mailto:pgsql-admin-owner(at)postgresql(dot)org] On Behalf Of Williams, Alex
Sent: Wednesday, October 11, 2017 4:18 PM
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>; Ervin Weber <webervin(at)gmail(dot)com>
Cc: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>; Don Seiler <don(at)seiler(dot)us>; pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: [ADMIN] Passwords in clear text in server log

This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>


"We have heard many times from people who don't have enough insight, or
enough debug support client-side, to know exactly what queries their
apps are issuing. Disabling query logging would be a horrible setback
for debuggability of such apps. How many times have you said "consult
the postmaster log to find out what's going on"?"

I completely agree. There are many cases, not just edge cases, where this has been vital to isolate and resolve issues.

________________________________
From: pgsql-admin-owner(at)postgresql(dot)org <pgsql-admin-owner(at)postgresql(dot)org> on behalf of Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Sent: Wednesday, October 11, 2017 4:01:10 PM
To: Ervin Weber
Cc: Alvaro Herrera; Don Seiler; pgsql-admin
Subject: Re: [ADMIN] Passwords in clear text in server log

Ervin Weber <webervin(at)gmail(dot)com> writes:
> Alvaro Herrera wrote:
>> Actually, I do wonder why we log statements that fail to parse. Surely
>> the client ought to know that it failed, but what is the value of
>> additionally storing the query in the server log?

> To debug clients who claim it is working on their end, but data does not change.

We have heard many times from people who don't have enough insight, or
enough debug support client-side, to know exactly what queries their
apps are issuing. Disabling query logging would be a horrible setback
for debuggability of such apps. How many times have you said "consult
the postmaster log to find out what's going on"?

regards, tom lane
