current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Database Administrators Stack Exchange is a question and answer site for database professionals who wish to improve their database skills and learn from others in the community. It's 100% free, no registration required.
up vote 1 down vote favorite

I do not have access to a Postgres installation, so I cannot check.

I am a security guy, and I'm seeing plaintext passwords in the logs:

create user user1 with password 'PLAINTEXT PASSWORD'

How can the DBAs change or create their passwords without the password in the clear in the logs?

I've seen this, which states you can use an md5 hash of the password, but then the hash is also in the clear. Is there a better way?

share|improve this question
    
"I do not have access to a Postgres installation, so I cannot check." . Well, it's trivial to install PostgreSQL on pretty much anything for testing. Not that you need to test anything here - more of an FYI, it's not like MS SQL / Oracle / DB2 etc where you need licenses etc to test on a real version. –  Craig Ringer Mar 7 at 12:00

1 Answer 1

up vote 3 down vote

It sounds like log_statement is set to all.

If you wish to prevent passwords from appearing in the logs while log_statement is set to a value that captures ALTER USER / ALTER ROLE then you'll want to override that when changing passwords. e.g.

BEGIN;
SET LOCAL log_statement = 'none';
ALTER USER ... SET PASSWORD ...;
COMMIT;

You must be a superuser to do this. Normal users cannot override logging rules.

It would be nice if PostgreSQL supported flagging some parameters to statements (or even functions) as security-sensitive and allowed users to request that they be masked in logs, pg_stat_statements, pg_stat_activity, etc. There is not currently any such feature - but hey, patches are welcome. If you're genuinely interested, post on pgsql-hackers before writing any actual code so you can get advice and comments, though. Alternately, speak to someone who does contract development.

In general PostgreSQL expects you to treat the logs as sensitive.

There are other areas where logging is a serious security concern. For example some of the pgcrypto functions take crypto keys as parameters.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.