On Thu, Jan 31, 2019 at 04:13:22PM +0300, Sergei Kornilov wrote:
> In my opinion this is not an issue, database logs can have sensitive
> data. User queries, for example. If we do not want to expose such info -
> is it ok to just hide the new value from logs with a new GUC flag? Or do I
> need to implement masked conninfo for this purpose?

You have problems with things in this area for any commands logged and able to show a connection string or a password, which can go down as well to CREATE/ALTER ROLE or FDWs. So for the purpose of what's discussed on this thread it does not sound like a requirement to be able to hide that. Role DDLs can take an already-hashed input to avoid that, still knowing the MD5 hash is sufficient for connection (not for SCRAM!). Now for FDWs..
--
Michael
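
Added example, not part of the original message or of PostgreSQL's code: a Python sketch of the point in the reply that an MD5 role hash appearing in a log is enough to answer the md5 challenge, while a SCRAM StoredKey alone is not. The user name, password, salts and auth message are constructed, the function names are hypothetical, and SASLprep is omitted (ASCII password assumed).

```python
import hashlib
import hmac

def md5_verifier(password: str, user: str) -> str:
    # What md5 auth stores and what hashed role DDL carries:
    # "md5" + md5(password || username)
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def md5_response_from_password(password: str, user: str, salt: bytes) -> str:
    # What a client holding the cleartext sends for the server's 4-byte salt.
    inner = hashlib.md5((password + user).encode()).hexdigest()
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()

def md5_response_from_verifier(verifier: str, salt: bytes) -> str:
    # Same wire value computed from the stored hash only; no cleartext needed.
    return "md5" + hashlib.md5(verifier[3:].encode() + salt).hexdigest()

def scram_keys(password: str, salt: bytes, iterations: int = 4096):
    # RFC 5802 key derivation with SHA-256.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()  # server keeps this, not client_key
    return client_key, stored_key

def scram_proof(key: bytes, stored_key: bytes, auth_message: bytes) -> bytes:
    # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)
    sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, sig))

def scram_server_accepts(stored_key: bytes, auth_message: bytes, proof: bytes) -> bool:
    # Server recovers ClientKey from the proof and checks its hash.
    sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, sig))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)

def demo():
    # All values below are constructed for illustration.
    user, password, salt = "app_user", "correct horse", b"\x01\x02\x03\x04"
    logged = md5_verifier(password, user)  # as it would appear in a logged role DDL
    md5_equivalent = (md5_response_from_verifier(logged, salt)
                      == md5_response_from_password(password, user, salt))
    client_key, stored_key = scram_keys(password, b"constructed-salt")
    msg = b"constructed-auth-message"
    with_password = scram_server_accepts(stored_key, msg, scram_proof(client_key, stored_key, msg))
    # Substituting StoredKey for ClientKey fails: ClientKey is its SHA-256 preimage.
    stored_only = scram_server_accepts(stored_key, msg, scram_proof(stored_key, stored_key, msg))
    return md5_equivalent, with_password, stored_only
```

For log handling this means a logged `md5...` value should be treated like the password itself.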