Don Seiler <don@xxxxxxxxx> writes: > On Wed, Oct 11, 2017 at 9:48 AM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote: >> This is why psql has provisions for encrypting a new password on the >> client side --- see \password. > That's nice to have that option, but why even make it an option? If this > is a dead horse that was finished being beaten years ago, my apologies. Yes, people have complained about this before, but they're asking for an impossibility, which is for necessarily-pretty-dumb logging code to decide which parts of SQL commands somebody might think are sensitive. I don't intend to spend much time arguing about this, because you can find previous discussions in the PG archives if you're so inclined. But I do remember one simple counterexample: if you fat-finger the command syntax, say ALTER YSER joe PASSWORD 'notsosecret' would you still expect the logging code to figure out that it should suppress the password? regards, tom lane -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
