Scott, Don, all, * Scott Marlowe (scott.marlowe@xxxxxxxxx) wrote: > FYI our standard hack here is to run > > set log_statement='none'; > alter user ... That's pretty terrible, frankly. > I do agree it would be nice to have postgres stamp out the password > field with *** when logging though The right approach is to use SCRAM and the exported libpq functions for generating a proper verifier that is then passed to ALTER USER, just like \password does in psql. Of course, SCRAM is only in v10. The old md5 method has other issues beyond this. Better than all of the above is to use either Kerberos or client-side certificates. Thanks! Stephen
Attachment:
signature.asc
Description: Digital signature
