On Fri, 2020-04-17 at 02:01 +0000, PG Doc comments form wrote: > pg_stat_statements is recording passwords also, is there any way to avoid > the logging of passwords without droping extension package. > testdb=> create user test1 with password 'test123'; > CREATE ROLE > testdb=> create user test2 with encrypted password 'test123'; > CREATE ROLE > test=> select query from pg_stat_statements where query like '%test%'; > query > ----------------------------------------------------------- > create user test1 with encrypted password 'test123' > create user test2 with password 'test123'
There is no way to obfuscate such passwords. Note that these statements will also show up in the server log if you set "log_statement = 'ddl'". For these reasons it is recommended to never set your password like this, but always hash it on the client side first. Most interactive clients have a way to do that, like psql`s "\password". Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
