
In one of our projects, I tried to use PostgreSQL's security extension pgcrypto. I found that its function PGP_SYM_ENCRYPT is quite handy. Using this function enables me to query encrypted data with LIKE %keyword%, BETWEEN, etc., which I cannot achieve if I use a programming language such as Java or PHP to encrypt the data and then insert it into the database.

However, I found an issue. Once I execute queries with PGP_SYM_ENCRYPT, a new line is written to the log file. Interestingly, the log includes the password in PLAIN!

Of course, IMO, this is unacceptable. I want to secure my password; at the same time, I also want to log any change (INSERT, UPDATE, DELETE) to my database.

Is there any way to hide this password information from the log file?


1 Answer


You can change your configuration settings to make this less likely to occur. (What setting was triggering the log message in the first place?)

But in general, if you send your password to the database, then the database has your password. There is simply no way around this, other than not sending your password to the database and dealing with the consequences of that. If you do send your password to the database, then you must guard the database log files with the same vigilance as you guard the rest of the database.
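Guarding the log files as the answer describes also means checking logs already written for keys that leaked in statement text. The following is an added example, not part of the original question or answer: a Python script that masks literal keys passed as the second argument of pgcrypto's `pgp_sym_encrypt`/`pgp_sym_decrypt` calls in logged statements. The sample log lines, table, columns and key value are constructed, and the placeholder text `'<REDACTED>'` is an assumption.

```python
import re

# pgcrypto symmetric-key calls; their second argument is the passphrase.
CALL_RE = re.compile(r"\bpgp_sym_(?:encrypt|decrypt)(?:_bytea)?\s*\(", re.I)

# Constructed sample log lines (table, columns and key value are made up).
SAMPLE_LOG = [
    "2024-01-01 10:00:00 UTC [101] LOG:  statement: INSERT INTO users(name, ssn) "
    "VALUES ('bob', pgp_sym_encrypt('123-45-6789', 'S3cr3t,key''x'));",
    "2024-01-01 10:00:02 UTC [102] LOG:  execute <unnamed>: "
    "SELECT pgp_sym_decrypt(ssn, $1) FROM users",
]

def _arg_spans(text, i):
    """(start, end) spans of a call's top-level arguments; i is just past '('.
    Only standard '...' literals are parsed, not E'...' escapes or $$ quoting."""
    spans, depth, start = [], 0, i
    while i < len(text):
        ch = text[i]
        if ch == "'":  # skip a string literal; '' inside it is an escaped quote
            i += 1
            while i < len(text) and (text[i] != "'" or text[i + 1:i + 2] == "'"):
                i += 2 if text[i] == "'" else 1
        elif ch == "(":
            depth += 1
        elif ch == ")" and depth == 0:
            return spans + [(start, i)]
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            spans.append((start, i))
            start = i + 1
        i += 1
    return spans + [(start, len(text))]  # call cut off by log truncation

def redact_line(line):
    """Return (line with literal pgcrypto keys masked, number of keys masked)."""
    hits = []
    for m in CALL_RE.finditer(line):
        args = _arg_spans(line, m.end())
        if len(args) >= 2:
            s, e = args[1]
            s += len(line[s:e]) - len(line[s:e].lstrip())
            if re.match(r"[eE]?'", line[s:e]):  # key is a literal, so it was logged
                hits.append((s, e))
    out, pos, found = [], 0, 0
    for s, e in sorted(hits):
        if s >= pos:  # ignore a span nested inside one already masked
            out += [line[pos:s], "'<REDACTED>'"]
            pos, found = e, found + 1
    return "".join(out) + line[pos:], found
```

A non-zero count for any line means that key appeared in the log in plain text and should be treated as exposed.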
