Changing Passwords as Encrypted not Clear-Text
От | MURAT KOÇ |
---|---|
Тема | Changing Passwords as Encrypted not Clear-Text |
Дата | |
Msg-id | CAA4y46zhEcrK=j=V-euQAERU4tk8TyyhhiQNSnPx2OvkSQF7QQ@mail.gmail.com обсуждение исходный текст |
Ответы |
Re: Changing Passwords as Encrypted not Clear-Text
Re: Changing Passwords as Encrypted not Clear-Text |
Список | pgsql-general |
Hi List,
When I try to change my db password like below SQL statement from psql or pgAdmin tool, it outputs to server logs as like this:
postgres=# alter user mkoc password 'dummy';
ALTER ROLE
ALTER ROLE
postgres=# alter user mkoc with password 'dummy';
ALTER ROLE
ALTER ROLE
### Server Logs ###
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password 'dummy';
2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc with password 'dummy';
2011-12-19 14:35:41 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc with password 'dummy';
So, an OS user who can access to server log files can read DB users' clear-text passwords from these logs. In my opinion, this is a big security gap.
I don't want to see these changing password logs in clear-text. These logs must be encrypted passwords instead of clear-text like below:
Server Logs must be;
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password values 'XFADIT9248fDSKFD';
2011-12-19 14:35:31 EET--postgres--postgres--[local]--psql--idle--00000LOG: statement: alter user mkoc password values 'XFADIT9248fDSKFD';
Is it possible to see changing passwords as encrypted? How should I change password or what is the correct sql statement to change user password?
Best Regards,
Murat KOC
В списке pgsql-general по дате отправления: