Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Matthias Apitz <guru@unixarea.de>
Cc: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>, David Rowley <dgrowleyml@gmail.com>, pgsql-bugs@lists.postgresql.org
Date: 2025-02-19T06:30:18Z
Lists: pgsql-bugs
Matthias Apitz <guru@unixarea.de> writes:
> What do I have to configure in the PostgreSQL server to get this
> reproduced? I tried:

[ scratches head... ]  Seems like you must be looking in the wrong
log file.  It works for me:

$ psql postgres
psql (18devel)
Type "help" for help.

postgres=# set log_statement = 'all';
SET
postgres=# CREATE USER bla WITH PASSWORD 'bla';
CREATE ROLE
postgres=# \q
$ tail .../postmaster.log
...
2025-02-19 01:19:18.638 EST [1949443] LOG:  statement: CREATE USER bla WITH PASSWORD 'bla';

If you're not running with log_statement = all, the most likely
scenario is a syntax error:

$ psql postgres
psql (18devel)
Type "help" for help.

postgres=# CREATE USER bla WITH PASWORD 'bla';
ERROR:  unrecognized role option "pasword"
LINE 1: CREATE USER bla WITH PASWORD 'bla';
                             ^
postgres=# \q
$ tail .../postmaster.log
...
2025-02-19 01:25:39.227 EST [1950440] ERROR:  unrecognized role option "pasword" at character 22
2025-02-19 01:25:39.227 EST [1950440] STATEMENT:  CREATE USER bla WITH PASWORD 'bla';

Of course, this command didn't do anything; but a person reading the
log would have a pretty strong clue what password you were about to
assign.  (And contrarily, Postgres itself would have no clue that
'bla' might be something that needs hiding.)

			regards, tom lane