On 12/27/23 15:39, Peter Eisentraut wrote:
> On 23.12.23 16:13, Joe Conway wrote:
>> I have recently, once again for the umpteenth time, been involved in discussions around (paraphrasing) "why does Postgres leak the passwords into the logs when they are changed". I know well that the canonical advice is something like "use psql with \password if you care about that".
>>
>> And while that works, it is a deeply unsatisfying answer for me to give and for the OP to receive.
>>
>> The alternative is something like "...well if you don't like that, use PQencryptPasswordConn() to roll your own solution that meets your security needs".
>>
>> Again, not a spectacular answer IMHO. It amounts to "here is a do-it-yourself kit, go put it together". It occurred to me that we can, and really should, do better.
>>
>> The attached patch set moves the guts of \password from psql into the libpq client side -- PQchangePassword() (patch 0001).
>>
>> The usage in psql serves as a ready built-in test for the libpq function (patch 0002). Docs included too (patch 0003).
>
> I don't follow how you get from the problem statement to this solution.
> This proposal doesn't avoid password leakage, does it?

Yes, it most certainly does. The plaintext password would never be seen by the server and therefore never logged. This is exactly why the feature already existed in psql.

> It just provides a different way to phrase the existing solution.

Yes, a fully built one that is convenient to use, and does not ask everyone to roll their own.

> Who is a potential user of this solution?

Literally every company that has complained that Postgres pollutes their logs with plaintext passwords. I have heard the request to provide a better solution many times, over many years, while working for three different companies.

> Right now it just saves a dozen lines in psql, but it's not clear how it improves anything else.

It is to me, and so far no one else has complained about that. More opinions would be welcomed of course.

--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com