From 16d6615b4169f210b6e6bcead6fbf5b67e5c66f8 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Tue, 5 Mar 2002 06:52:05 +0000
Subject: [PATCH] Prevent failed passwords from being echoed to server logs,
 for security.

---
 src/backend/libpq/auth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index f20a02788e..7c090b9332 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.77 2002/03/04 01:46:02 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.78 2002/03/05 06:52:05 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -805,8 +805,8 @@ recv_and_check_password_packet(Port *port)
 		return STATUS_EOF;
 	}
 
-	elog(DEBUG5, "received password packet with len=%d, pw=%s",
-		 len, buf.data);
+	/* Do not echo failed password to logs, for security. */
+	elog(DEBUG5, "received password packet");
 
 	result = checkPassword(port, port->user, buf.data);
 	pfree(buf.data);