Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs
Daniel Westermann (DWE) <daniel.westermann@dbi-services.com>
From: "Daniel Westermann (DWE)" <daniel.westermann@dbi-services.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Matthias Apitz <guru@unixarea.de>
Cc: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>, David Rowley <dgrowleyml@gmail.com>, "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2025-02-19T06:39:56Z
Lists: pgsql-bugs
_______________________________________ From: Tom Lane <tgl@sss.pgh.pa.us> Sent: Wednesday, February 19, 2025 07:30 To: Matthias Apitz <guru@unixarea.de> Cc: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>; David Rowley <dgrowleyml@gmail.com>; pgsql-bugs@lists.postgresql.org <pgsql-bugs@lists.postgresql.org> Subject: Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs Matthias Apitz <guru@unixarea.de> writes: > What do I have to configure in the PostgreSQL server to get this > reproduced? I tried: export PGDATA=/var/tmp/xx; rm -rf $PGDATA; export PGPORT=8888; initdb; echo "logging_collector=on" >> $PGDATA/postgresql.auto.conf; echo "log_statement=ddl" >> $PGDATA/postgresql.auto.conf; pg_ctl start; psql <<< "create user u with password 'u'"; cat $PGDATA/log/*; pg_ctl stop Regards Daniel