public inbox for [email protected]  
help / color / mirror / Atom feed
From: Tom Lane <[email protected]>
To: Matheus Alcantara <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Redact user password on pg_stat_statements
Date: Fri, 21 Feb 2025 11:08:11 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAFY6G8eo3c0LyzmRA+wmpCnex-LOxsXpv_DK7WQ2pujmEH1nPg@mail.gmail.com>
References: <CAFY6G8eo3c0LyzmRA+wmpCnex-LOxsXpv_DK7WQ2pujmEH1nPg@mail.gmail.com>

Matheus Alcantara <[email protected]> writes:
> Attached a patch to redact the password value from pg_stat_statements_view when
> executing:
> { CREATE|ALTER} {USER|ROLE|GROUP } identifier { [WITH] [ENCRYPTED]
> PASSWORD 'value' }

Please see previous threads about hiding this sort of information,
most recently [1].  It's a slippery slope for which there are no
real fixes, and even partial fixes like this one are horrid kluges.
One obvious objection to the direction you propose here is that it
does nothing for pg_stat_activity, nor for the server log if
log_statement is enabled.

The right answer is to never send cleartext passwords to the server
in the first place.

			regards, tom lane

[1] https://www.postgresql.org/message-id/flat/18817-771682052a364bfe%40postgresql.org






view thread (2+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Redact user password on pg_stat_statements
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox