Re: elog() patch

> Basically it echoes the failed password back to the user.  Again, this
> is only with client_min_messages set to debug1-5.  I don't know how to
> fix this because we specifically set things up so the client could see
> everything the server logs see.  I wonder if echoing the failed password
> into the logs is a good idea either.  I don't think so.

Crypt/MD5 authentication does output the password encrypted:
 DEBUG:  received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780
 DEBUG:  received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780
 psql: FATAL:  Password authentication failed for user "postgres"

However, I still don't think we should be echoing this to the server
logs or the client.  There is just little value to it and potential
problems, especially with 'password' authentication.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026