PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID16449
PG Version10.12
OSlinux
Opened2020-05-18 09:16:31+00
Reported byyi Ding
StatusNew

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      16449
Logged by:          yi Ding
Email address:      (redacted)
PostgreSQL version: 10.12
Operating system:   linux
Description:        

1、The log_statement is set to ALL
2、Execute statement:alter user t password 'adsf123asg';
3、Log file shows clear text password.

2020-05-18 10:32:11.606
CST,"postgres","postgres",16959,"[local]",5ec1f354.423f,3,"",2020-05-18
10:30:44 CST,14/26972,0,LOG,00000,"statement: alter user t password
'adsf123asg';",,,,,,,,"exec_simple_query, postgres.c:963","psql"

 4、The query field of the pg_stat_statements table displays the clear text
of the password. 
   
postgres=# select * from pg_stat_statements where queryid = '2555618481';
-[ RECORD 1 ]-------+-----------------------------------
userid              | 10
dbid                | 12298
queryid             | 2555618481
query               | alter user t password 'adsf123asg'
calls               | 2
total_time          | 0.266986
min_time            | 0.127103
max_time            | 0.139883
mean_time           | 0.133493
stddev_time         | 0.00639000000000001
rows                | 0
shared_blks_hit     | 6
shared_blks_read    | 0
shared_blks_dirtied | 2
shared_blks_written | 0
local_blks_hit      | 0
local_blks_read     | 0
local_blks_dirtied  | 0
local_blks_written  | 0
temp_blks_read      | 0
temp_blks_written   | 0
blk_read_time       | 0
blk_write_time      | 0

Messages

DateAuthorSubject
2020-05-18 09:16:31+00PG Bug reporting formBUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.
2020-05-18 09:45:13+00Magnus HaganderRe: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.
2020-05-19 06:22:09+00Oleksandr ShulginRe: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.
2020-05-19 07:02:57+00Michael PaquierRe: BUG #16449: Log file and the query field of the pg_stat_statements table display clear text password.