Shulou(Shulou.com)06/01 Report--

Passwords in PostgreSQL error log files

No one wants user passwords in error log files. PG uses SQL queries to manage user accounts, including passwords. If log_statement is enabled and log_min_error_statement is log, the user password may appear in the server log.

One workaround: Manually encrypt passwords before initiating queries, but they can still be detected by error mechanisms.

SET client_min_messages = 'log';

SET log_statement = 'all';

\ password postgres

Enter new password:

Enter it again:

LOG: statement: show password_encryption

LOG: statement: ALTER USER postgres PASSWORD 'md567429efea5606f58dff8f67e3e2ad490'

Run: show password_encryption on the psql client to see which encryption method is used, md5 or scram-sha-256. psql encrypts the password hash before issuing the alter command. This is not to say that passwords will no longer appear in log files. The wisest approach is to set log_min_error_statement to panic to prevent error queries from being logged to the log file. Another way to be safe: Use syslog to send logs to a secure server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.