Security of ODBC debug log file leaves something to be desired

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-odbc(at)postgreSQL(dot)org
Subject: Security of ODBC debug log file leaves something to be desired
Date: 2005-04-08 03:00:24
Message-ID: 24444.1112929224@sss.pgh.pa.us
Lists: pgsql-odbc

I got a complaint here
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
pointing out that when you set debug=1, the generated log file
is world-readable by default, which doesn't seem like a good
idea when it may contain your password.  Also, since the name
of the file is pretty predictable, there is an opportunity
for a symlink redirection attack (though I doubt anything
really interesting could be accomplished that way).

Any thoughts about fixing this?  It's hard to believe no one
has pointed it out before, so I was wondering if there was some
good reason for doing it like this.

			regards, tom lane
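
An added example, not part of the original message and not psqlodbc code: one way a driver could create its debug log so that it is owner-only from the start and a file or symlink already planted at the predictable path is refused. The names `open_private_log` and `run_demo` and the `/tmp/logdemo.XXXXXX` paths are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a debug log that only its owner can read, refusing any file or
 * symlink already planted at the path. Returns an fd, or -1 with errno set. */
int open_private_log(const char *path)
{
    struct stat st;
    /* O_EXCL: fail with EEXIST if anything exists at path, symlinks included.
     * O_NOFOLLOW: belt and braces for the final path component.
     * 0600: owner-only from creation, so there is no world-readable window. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Check what was actually opened: a regular file we own, no group/other bits. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Self-check on constructed paths in a fresh temp directory; 0 means all pass. */
int run_demo(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", path[64], trap[64], victim[64];
    struct stat st;
    int fd, rc = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/debug.log", dir);
    snprintf(trap, sizeof trap, "%s/trap.log", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    fd = open_private_log(path);                       /* fresh path: succeeds */
    if (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600) rc |= 1;
    if (fd >= 0) close(fd);
    if (open_private_log(path) != -1 || errno != EEXIST) rc |= 2; /* existing file */
    if (symlink(victim, trap) != 0 || open_private_log(trap) != -1) rc |= 4;
    if (stat(victim, &st) == 0) rc |= 8;       /* symlink target never created */
    unlink(path); unlink(trap); rmdir(dir);
    return rc;
}

int main(void) { printf("run_demo() = %d\n", run_demo()); return 0; }
```

Because `O_EXCL` refuses an existing file, a caller that wants to append to the same log across runs would need to keep it in a directory that only the owner can write to.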
