On Sat, Jul 23, 2022 at 5:27 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Zhihong Yu <zyu@yugabyte.com> writes: > > Currently, in situation such as duplicate role creation, the server log > > would show something such as the following: > > > 2022-07-22 13:48:18.251 UTC [330] STATEMENT: CREATE ROLE test WITH LOGIN > > PASSWORD 'foobar'; > > > The password itself should be redacted before logging the statement. > > This has been proposed multiple times, and rejected multiple times, > primarily because it offers only false security: you'll never cover > all the cases. (The proposed patch manages to create a bunch of > false positives to go along with its false negatives, too.) > > The only safe answer is to be sure to keep the server log contents > secure. Please see prior discussions in the archives. > > regards, tom lane > Hi, I am thinking of adding `if not exists` to `CREATE ROLE` statement: CREATE ROLE trustworthy if not exists; In my previous example, if the user can issue the above command, there would be no SQL statement logged. Do you think it is worth adding `if not exists` clause ? Thanks

On Sat, Jul 23, 2022 at 5:27 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Zhihong Yu <zyu@yugabyte.com> writes: > > Currently, in situation such as duplicate role creation, the server log > > would show something such as the following: > > > 2022-07-22 13:48:18.251 UTC [330] STATEMENT: CREATE ROLE test WITH LOGIN > > PASSWORD 'foobar'; > > > The password itself should be redacted before logging the statement. > > This has been proposed multiple times, and rejected multiple times, > primarily because it offers only false security: you'll never cover > all the cases. (The proposed patch manages to create a bunch of > false positives to go along with its false negatives, too.) > > The only safe answer is to be sure to keep the server log contents > secure. Please see prior discussions in the archives. > > regards, tom lane > Pardon my laziness. I will pay more attention.