BUG #16451: .psql_history file shows clear text password.

Started by PG Bug reporting form | almost 6 years ago | 2 messages | bugs

#1 PG Bug reporting form
noreply@postgresql.org

The following bug has been logged on the website:

Bug reference: 16451
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 10.12
Operating system: linux
Description:

bash-4.2# cat /home/postgres/.psql_history |grep password
alter user t password 'adsf123asg';

#2 Magnus Hagander
magnus@hagander.net
In reply to: PG Bug reporting form (#1)
Re: BUG #16451: .psql_history file shows clear text password.

On Mon, May 18, 2020 at 11:42 AM PG Bug reporting form <
noreply@postgresql.org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 16451
> Logged by: yi Ding
> Email address: abcxiaod@126.com
> PostgreSQL version: 10.12
> Operating system: linux
> Description:
>
> bash-4.2# cat /home/postgres/.psql_history |grep password
> alter user t password 'adsf123asg';

Yes, if you intentionally send the query in clear text, it will be logged
in clear text.

Just like with your report about creating user, it is clearly documented in
the ALTER ROLE documentation that if you don't want this, you should use
\password or a similar functionality, and not the cleartext ALTER USER.

You can also turn off command line history in psql if you want, by running
it with -n.

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
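
One way to audit an existing history file for the kind of statement shown in this thread, without echoing the secret again. This is an added example, not part of the original messages or of PostgreSQL; the function names and the sample file contents (apart from the statement quoted in the report) are constructed, and it assumes a plain-text readline history file with one statement per line.

```shell
#!/bin/sh
# Added example: find statements in a psql history file that set a role
# password as a literal, and report them with the literal redacted.
# Assumption: plain-text (readline) history, one statement per line.

# Case-insensitive pattern: CREATE/ALTER USER|ROLE ... PASSWORD '<literal>
PW_RE="(create|alter)[[:space:]]+(user|role)[[:space:]].*password[[:space:]]+'"

# Print "<line number>:<statement>" for each hit. Everything from the opening
# quote to end of line is replaced, so a literal containing '' cannot leak.
scan_psql_history() {
    grep -n -i -E "$PW_RE" "$1" |
        sed -E "s/([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd][[:space:]]+)'.*/\1'<redacted>'/"
}

# Print the number of matching statements (grep exits 1 on zero matches,
# which is not an error here).
count_psql_history_hits() {
    grep -c -i -E "$PW_RE" "$1" || true
}

# Constructed sample history; the second line is the statement from the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
select now();
alter user t password 'adsf123asg';
\password t
CREATE ROLE app LOGIN PASSWORD 'constructed-value';
EOF

echo "hits: $(count_psql_history_hits "$sample")"
scan_psql_history "$sample"
rm -f "$sample"
```

A hit means the password is on disk in the history file and should be treated as exposed: change it with `\password`, and remove the entry from the file.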