Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs
Greg Sabino Mullane <htamfids@gmail.com>
From: Greg Sabino Mullane <htamfids@gmail.com>
To: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>
Cc: David Rowley <dgrowleyml@gmail.com>, pgsql-bugs@lists.postgresql.org
Date: 2025-02-18T14:38:38Z
Lists: pgsql-bugs
On Tue, Feb 18, 2025 at 9:17 AM Indrajeeth Deshmukh <bkindrajeeth@gmail.com> wrote: > Thanks for sharing the details. It looks like a valid issue and has not > been resolved yet. Currently, the solution is keeping the file remains > secure, but when it comes to SIEM monitoring, it will be a major concern. > Any thoughts on this? > Other solutions: 1. Use Kerberos 2. Disallow password creation and altering, except via psql \password or similar methods. 3. Disable logging when you are about to attempt a password change -- Cheers, Greg -- Crunchy Data - https://www.crunchydata.com Enterprise Postgres Software Products & Tech Support