Re: Log of CREATE USER statement

Tom Lane wrote:
> "Ricardo Vaz - TCESP" <jrvaz@tce.sp.gov.br> writes:
> > However, I would like that the password defined in CREATE USER statement
> > was registered in MD5 format, independent of the form as it was
> > specified in that statement.
> 
> Not going to happen --- we are not going to add that sort of analysis to
> the statement logging code, as the overhead would be unacceptable and
> the gain minimal.  This is hardly the only sensitive data that might be
> found in the postmaster log!  I suggest taking care with the file
> permissions on the log, instead.

One issue I have not heard is that CREATE USER, with the visible
password, is sent over the wire in cleartext, and does appear in the
logs, as we discussed, so while we MD5 the password in pg_shadow so
administrators do not see it, we do log the query if the administrator
has set it up that way.  I see no way to secure this really since the
administrator typically has control over the database installation.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073