Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

Tom Lane Wed, 02 Dec 2009 08:47:30 -0800

Craig Ringer <cr...@postnewspapers.com.au> writes:
> On 2/12/2009 11:04 PM, Tom Lane wrote:
>> Seems like it would have all the standard problems with cleartext
>> passwords being exposed in pg_stat_activity, system logs, etc.


> Yeah, I was a bit concerned about that, but it can be worked around with 
> careful use of parameterised queries (depending, admittedly, on client 
> library/driver).

No, not really, because we don't support parameters in utility commands.
Even if we did, parameter values get logged, so the leak to the
postmaster log is still there.

                        regards, tom lane

-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

Reply via email to