'BUG #17338: pgaudit ddl audit logging show clear text password when create user mapping'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgsql-bugs
Subject:    BUG #17338: pgaudit  ddl audit logging show  clear text password when create user mapping
From:       PG Bug reporting form <noreply () postgresql ! org>
Date:       2021-12-16 6:12:11
Message-ID: 17338-36d29597b910398f () postgresql ! org
[Download RAW message or body]

[Attachment #2 (text/plain)]

The following bug has been logged on the website:

Bug reference:      17338
Logged by:          James Pang
Email address:      chaolpan@cisco.com
PostgreSQL version: 13.4
Operating system:   RHEL8.4
Description:        

pgaudit.log_catalog='on'
pgaudit.log_level='log'
pgaudit.log_parameter=on
pgaudit.log_statement_once=off
pgaudit.log='all, -misc'
pgaudit.log='ddl,role'

when create user jamet password 'testfdwpass';
audit log looks fine ,
2021-12-16 06:09:54.728 UTC:[local]:postgres@jamet:[67011]:[3-1]:2021-12-16
06:09:35 UTC:psqlLOG:  AUDIT: SESSION,1,1,ROLE,CREATE ROLE,,,create user
jamet password <REDACTED>,<none>

but when create user mapping for fdw , it show clear text password in
OPTIONS(user 'jamet', password '...')

CREATE USER MAPPING FOR jamet SERVER foreign_server OPTIONS (user 'jamet',
password 'testfdwpass');

AUDIT: SESSION,1,1,DDL,CREATE USER MAPPING,USER MAPPING,jamet on server
foreign_server,"CREATE USER MAPPING FOR jamet SERVER foreign_server OPTIONS
(user 'jamet', password 'testfdwpass');"



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic