On Wed, Oct 14, 2009 at 12:25 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Dave Page <dp...@pgadmin.org> writes: >> On Wed, Oct 14, 2009 at 5:08 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> I see one, and I proposed masking passwords in any relevant queries >> before they were written to the stats or logs to mitigate that. > > Let's see you do that (hint: "CREATD USER ... PASSWORD" is going to > throw a syntax error before you realize there's anything there that > might need to be protected).
It seems to me incredibly rare for anyone to issue a manual CREATE USER command with an encrypted password. And if it is generated by a script, it will presumably not have a trivial typographical error. > And you ignored the question of insecure transmission pathways, anyway. > By the time the backend has figured out that it's got a CREATE USER > ... PASSWORD command, it's already way too late if the client sent it > over a non-SSL connection. Using a non-SSL connection over an untrusted network is incredibly stupid to begin with. I'm not sure we should be basing our design decisions around that scenario. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers