Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs

Greg Sabino Mullane <htamfids@gmail.com>

From: Greg Sabino Mullane <htamfids@gmail.com>
To: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>
Cc: David Rowley <dgrowleyml@gmail.com>, pgsql-bugs@lists.postgresql.org
Date: 2025-02-18T14:38:38Z
Lists: pgsql-bugs
On Tue, Feb 18, 2025 at 9:17 AM Indrajeeth Deshmukh <bkindrajeeth@gmail.com>
wrote:

> Thanks for sharing the details. It looks like a valid issue and has not
> been resolved yet. Currently, the solution is keeping the file remains
> secure, but when it comes to SIEM monitoring, it will be a major concern.
> Any thoughts on this?
>

Other solutions:

1. Use Kerberos
2. Disallow password creation and altering, except via psql \password or
similar methods.
3. Disable logging when you are about to attempt a password change

-- 
Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support