Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tlVZY-00Ca3d-Nl for pgsql-hackers@arkaria.postgresql.org; Fri, 21 Feb 2025 16:08:16 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tlVZX-00CCXi-FY for pgsql-hackers@arkaria.postgresql.org; Fri, 21 Feb 2025 16:08:15 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tlVZX-00CCUa-5Y for pgsql-hackers@lists.postgresql.org; Fri, 21 Feb 2025 16:08:15 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tlVZU-002BUe-26 for pgsql-hackers@lists.postgresql.org; Fri, 21 Feb 2025 16:08:14 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 51LG8BnS3134387; Fri, 21 Feb 2025 11:08:11 -0500 From: Tom Lane To: Matheus Alcantara cc: PostgreSQL Hackers Subject: Re: Redact user password on pg_stat_statements In-reply-to: References: Comments: In-reply-to Matheus Alcantara message dated "Fri, 21 Feb 2025 12:33:15 -0300" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <3134385.1740154091.1@sss.pgh.pa.us> Content-Transfer-Encoding: quoted-printable Date: Fri, 21 Feb 2025 11:08:11 -0500 Message-ID: <3134386.1740154091@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Matheus Alcantara writes: > Attached a patch to redact the password value from pg_stat_statements_vi= ew when > executing: > { CREATE|ALTER} {USER|ROLE|GROUP } identifier { [WITH] [ENCRYPTED] > PASSWORD 'value' } Please see previous threads about hiding this sort of information, most recently [1]. It's a slippery slope for which there are no real fixes, and even partial fixes like this one are horrid kluges. One obvious objection to the direction you propose here is that it does nothing for pg_stat_activity, nor for the server log if log_statement is enabled. The right answer is to never send cleartext passwords to the server in the first place. regards, tom lane [1] https://www.postgresql.org/message-id/flat/18817-771682052a364bfe%40po= stgresql.org