Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.
| От | Oleksandr Shulgin |
|---|---|
| Тема | Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password. |
| Дата | |
| Msg-id | CACACo5QLeQ+Z0BECp05hHYbqy8Fe1X_ziPmHxr3tyLzVeL9jCw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password. (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: BUG #16449: Log file and the query field of thepg_stat_statements table display clear text password.
|
| Список | pgsql-bugs |
On Mon, May 18, 2020 at 11:45 AM Magnus Hagander <magnus@hagander.net> wrote:
1、The log_statement is set to ALL
2、Execute statement:alter user t password 'adsf123asg';
3、Log file shows clear text password.Yes, if you intentionally send the query in clear text, it will be logged in clear text.Just like with your report about creating user, it is clearly documented in the ALTER ROLE documentation that if you don't want this, you should use \password or a similar functionality, and not the cleartext ALTER USER.
I think it's worth noting that using psql's \password command still results in an ALTER USER being sent to the server, and thus ending up in the logs. The difference is that the logged password is already encrypted:
postgres=# \password t
Enter new password:
Enter it again:
********* QUERY **********
ALTER USER t PASSWORD 'md5cf853b7f00ed64ef120b3f6af0d073c2'
**************************
Enter new password:
Enter it again:
********* QUERY **********
ALTER USER t PASSWORD 'md5cf853b7f00ed64ef120b3f6af0d073c2'
**************************
Cheers,
--
Alex
В списке pgsql-bugs по дате отправления: