Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs

Daniel Westermann (DWE) <daniel.westermann@dbi-services.com>

From: "Daniel Westermann (DWE)" <daniel.westermann@dbi-services.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Matthias Apitz <guru@unixarea.de>
Cc: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>, David Rowley <dgrowleyml@gmail.com>, "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2025-02-19T06:39:56Z
Lists: pgsql-bugs
_______________________________________
From: Tom Lane <tgl@sss.pgh.pa.us>
Sent: Wednesday, February 19, 2025 07:30
To: Matthias Apitz <guru@unixarea.de>
Cc: Indrajeeth Deshmukh <bkindrajeeth@gmail.com>; David Rowley <dgrowleyml@gmail.com>; pgsql-bugs@lists.postgresql.org <pgsql-bugs@lists.postgresql.org>
Subject: Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs
 
Matthias Apitz <guru@unixarea.de> writes:
> What do I have to configure in the PostgreSQL server to get this
> reproduced? I tried:

export PGDATA=/var/tmp/xx; rm -rf $PGDATA; export PGPORT=8888; initdb; echo "logging_collector=on" >> $PGDATA/postgresql.auto.conf; echo "log_statement=ddl" >> $PGDATA/postgresql.auto.conf; pg_ctl start; psql <<< "create user u with password 'u'"; cat $PGDATA/log/*; pg_ctl stop

Regards
Daniel