Postgres Pro
Downloads
Home   >   mailing lists

Thread: pg_stat_statements: password in command is not obfuscated

pg_stat_statements: password in command is not obfuscated

From
legrand legrand
Date:
Hello,

It seems that passwords used in commands are not removed when caught by
pg_stat_statements
(they are not "normalized" being utility statements) 

exemple:
alter role tt with password '123';

select query from public.pg_stat_statements
where query like '%password%';

query
----------------------------------------
alter role tt with password '123';

Do you think its a bug ?

Regards
PAscal



--
Sent from: http://www.postgresql-archive.org/PostgreSQL-general-f1843780.html

Re: pg_stat_statements: password in command is not obfuscated

From
David Rowley
Date:
On 24 March 2018 at 10:30, legrand legrand <legrand_legrand@hotmail.com> wrote:
> It seems that passwords used in commands are not removed when caught by
> pg_stat_statements
> (they are not "normalized" being utility statements)
>
> exemple:
> alter role tt with password '123';
>
> select query from public.pg_stat_statements
> where query like '%password%';
>
> query
> ----------------------------------------
> alter role tt with password '123';
>
> Do you think its a bug ?

If it is, then it's not a bug in pg_stat_statements. log_statement =
'ddl' would have kept a record of the same thing.

Perhaps the best fix would be a documentation improvement to mention
the fact and that it's best not to use plain text passwords in
CREATE/ALTER ROLE. Passwords can be md5 encrypted.

-- 
 David Rowley                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

Re: pg_stat_statements: password in command is not obfuscated

From
Michael Paquier
Date:
On Sat, Mar 24, 2018 at 12:17:30PM +1300, David Rowley wrote:
> If it is, then it's not a bug in pg_stat_statements. log_statement =
> 'ddl' would have kept a record of the same thing.
>
> Perhaps the best fix would be a documentation improvement to mention
> the fact and that it's best not to use plain text passwords in
> CREATE/ALTER ROLE. Passwords can be md5 encrypted.

Yeah, this is bad practice.  That's one of the reasons why storage of
plain text passwords has been removed in Postgres 10 still they can be
passed via command, and also why PQencryptPasswordConn and
PQencryptPassword are useful.  Using psql's \password is a good habit to
have.
--
Michael
Attachment