Re: pg_stat_statements showing passwords while create or alterusers.
| От | Laurenz Albe |
|---|---|
| Тема | Re: pg_stat_statements showing passwords while create or alterusers. |
| Дата | |
| Msg-id | b9d9738794d77406fc3abe601658970381c67057.camel@cybertec.at обсуждение исходный текст |
| Ответ на | pg_stat_statements showing passwords while create or alter users. (PG Doc comments form <noreply@postgresql.org>) |
| Список | pgsql-docs |
On Fri, 2020-04-17 at 02:01 +0000, PG Doc comments form wrote: > pg_stat_statements is recording passwords also, is there any way to avoid > the logging of passwords without droping extension package. > testdb=> create user test1 with password 'test123'; > CREATE ROLE > testdb=> create user test2 with encrypted password 'test123'; > CREATE ROLE > test=> select query from pg_stat_statements where query like '%test%'; > query > ----------------------------------------------------------- > create user test1 with encrypted password 'test123' > create user test2 with password 'test123' There is no way to obfuscate such passwords. Note that these statements will also show up in the server log if you set "log_statement = 'ddl'". For these reasons it is recommended to never set your password like this, but always hash it on the client side first. Most interactive clients have a way to do that, like psql`s "\password". Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
В списке pgsql-docs по дате отправления: