Re: PATCH: warn about, and deprecate, clear text passwords

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Greg Sabino Mullane <htamfids@gmail.com>, Nathan Bossart <nathandbossart@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Isaac Morland <isaac.morland@gmail.com>, Aleksander Alekseev <aleksander@timescale.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-17T13:19:27Z
Lists: pgsql-hackers
On Sun, Mar 16, 2025 at 11:36 PM David G. Johnston
<david.g.johnston@gmail.com> wrote:
> It could also be:
>
> warning: your password is known to Big Brother
> hint: use psql \password to supply a private password, or see “docs/wiki page” for more details and a way to pre-compute and send a private password via SQL.

OK, that's actually a fair point. It's still true, though, that all
the complaints that I hear about this are of the form "someone MIGHT
do something that puts their password in a log file" and a warning
doesn't stop that.

Granted, other people may hear different complaints than I do.

-- 
Robert Haas
EDB: http://www.enterprisedb.com